A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'A new cryptographic signature method for DKIM' to Proposed Standard (draft-ietf-dcrup-dkim-crypto-14.txt) The IESG has approved the following document: - 'A new cryptographic signature method for DKIM' (draft-ietf-dcrup-dkim-crypto-14.txt) as Proposed Standard This document is the product of the DKIM Crypto Update Working Group. The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/
Technical Summary DKIM [RFC6376] signs e-mail messages, by creating hashes of the message headers and body and signing the header hash with a digital signature. Message recipients fetch the signature verification key from the DNS. The defining documents specify a single signing algorithm, RSA [RFC3447]. This document adds a new stronger signing algorithm, Edwards-Curve Digital Signature Algorithm using the Curve25519 curve (ed25519), which has much shorter keys than RSA for similar levels of security. This is important in overcoming the practical limitations in storing long keys in DNS. Working Group Summary This document represents the consensus of the DCRUP working group. The need for longer DKIM signing keys has become more acute as compute power (and therefore the ability to factor short RSA keys) increases. Initially, two approaches were considered: (1) publication of key fingerprints (hashes), rather than RSA keys in DNS; (2) use of the ed25519 signing algorithm, which has shorter keys for equivalent cryptographic strength. Ultimately, approach (1) was discarded because (2) was sufficient to satisfy the goals of the specification. There was also significant discussion on the format to be used for publishing ed25529 public keys in DNS; a "raw key" format was adopted (without ASN1/DER wrapping). Document Quality The specification has received extensive review from significant members of the email community and input (such as algorithm selection) from WG technical advisor Eric Rescorla. Multiple interoperating implementations exist, including dkimpy-milter, exim, NoSpamProxy, and OpenDKIM. Personnel The Document Shepherd for this document is Jim Fenton. The responsible Area Director is Alexey Melnikov.