A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, dcrup@ietf.org, draft-ietf-dcrup-dkim-crypto@ietf.org, dcrup-chairs@ietf.org, fenton@bluepopcorn.net, alexey.melnikov@isode.com, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'A new cryptographic signature method for DKIM' to Proposed Standard (draft-ietf-dcrup-dkim-crypto-14.txt)

The IESG has approved the following document:
- 'A new cryptographic signature method for DKIM'
  (draft-ietf-dcrup-dkim-crypto-14.txt) as Proposed Standard

This document is the product of the DKIM Crypto Update Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell.

A URL of this Internet Draft is:

Technical Summary

   DKIM [RFC6376] signs e-mail messages, by creating hashes of the message headers and body
   and signing the header hash with a digital signature.  Message recipients fetch the signature
   verification key from the DNS.  The defining documents specify a single signing algorithm,
   RSA [RFC3447].

   This document adds a new stronger signing algorithm, Edwards-Curve Digital Signature Algorithm
   using the Curve25519 curve (ed25519), which has much shorter keys than RSA for similar levels
   of security. This is important in overcoming the practical limitations in storing long keys in DNS.

Working Group Summary

   This document represents the consensus of the DCRUP working group. The need for longer DKIM signing keys
   has become more acute as compute power (and therefore the ability to factor short RSA keys) increases.
   Initially, two approaches were considered: (1) publication of key fingerprints (hashes), rather than RSA keys
   in DNS; (2) use of the ed25519 signing algorithm, which has shorter keys for equivalent cryptographic strength.
   Ultimately, approach (1) was discarded because (2) was sufficient to satisfy the goals of the specification.
   There was also significant discussion on the format to be used for publishing ed25529 public keys in DNS;
   a "raw key" format was adopted (without ASN1/DER wrapping).

Document Quality

   The specification has received extensive review from significant members of the email community
   and input (such as algorithm selection) from WG technical advisor Eric Rescorla.

   Multiple interoperating implementations exist, including dkimpy-milter, exim, NoSpamProxy,
   and OpenDKIM.


   The Document Shepherd for this document is Jim Fenton.
   The responsible Area Director is Alexey Melnikov.