DKIM – Using RSA Key Larger Than 2048bit for DKIM

dkimdmarcemailSecurity

I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?

Also: Is there any big mail provider which uses RSA keys larger than 2048bits?
Google, Yahoo and Microsoft all seem to use 2048bit keys.

Best Answer

From IETF RFC 4871 (emphasis added):

3.3.3. Key Sizes

Selecting appropriate key sizes is a trade-off between cost, performance, and risk. Since short RSA keys more easily succumb to off-line attacks, signers MUST use RSA keys of at least 1024 bits for long-lived keys. Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys. Verifier policies may use the length of the signing key as one metric for determining whether a signature is acceptable.

Factors that should influence the key size choice include the following:

The practical constraint that large (e.g., 4096 bit) keys may not fit within a 512-byte DNS UDP response packet

The security constraint that keys smaller than 1024 bits are subject to off-line attacks

Larger keys impose higher CPU costs to verify and sign email

Keys can be replaced on a regular basis, thus their lifetime can be relatively short

The security goals of this specification are modest compared to typical goals of other systems that employ digital signatures

See [RFC3766] for further discussion on selecting key sizes.

Related Solutions

Security – Our security auditor is an idiot. How to give him the information he wants

First, DON'T capitulate. He is not only an idiot but DANGEROUSLY wrong. In fact, releasing this information would violate the PCI standard (which is what I'm assuming the audit is for since it's a payment processor) along with every other standard out there and just plain common sense. It would also expose your company to all sorts of liabilities.

The next thing I would do is send an email to your boss saying he needs to get corporate counsel involved to determine the legal exposure the company would be facing by proceeding with this action.

This last bit is up to you, but I would contact VISA with this information and get his PCI auditor status pulled.

Publishing long domain key records in bind9

You are using commas to separate your key/value pairs in your record instead of semi-colons. Change it to:

a9d04665528b593d263a6e5256648c99._domainkey IN  1800 TXT (
         "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2/ZfhxSI/A"
         "bqgh0amM8ylrlosirWeKShUhq7fg12aYmRwOqq9hIzO0Fcz1BzfgHVu6HU++rC5"
         "QoUK0JQK/nk4jwkDgvG2di2ZYmAvEbY/VeiK1x/TG0p1Iczr2k6Bj0gEAb/YGD2"
         "YbwrwAi4bDXwoPsYuuNn9TB3jjyWKu/dvOsqhff1/4Wc+FkOi0ClvgrXiklN28X"
         "TLjyjSyU794ntIoegXxrfwcwkhfPMvuqcnhfIC0Z8L71M4WR4SoHyNHVfBtNlUv"
         "VNROiXlMxtxnNQvfViSwz6LC8bYIxeAba3hSXPTChKu3qZtfR0o3jFwEWAfLQdg"
         "Ixler0jMEoAyJmfQIDAQAB")

Also, I'll note that in my particular zone file, I specifically declare the version as v=DKIM1 and I think you should too. On a side note, I do not wrap the record with ( ) because I just do it all as one long line:

record._domainkey IN 1800 TXT "v=DKIM1;blah" "blah2" "blah3"

It's a personal preference, and I realize now that yours is certainly much more readable.

Best Answer

3.3.3. Key Sizes

Related Solutions

Security – Our security auditor is an idiot. How to give him the information he wants

Publishing long domain key records in bind9

Related Topic