Should DKIM selector names be unguessable

dkim

The M³WAAG DKIM Key Rotation Best Practices document (pdf) recommends a "sufficiently" random DKIM selector name so that it cannot be guessed by browsing the DNS. A literal quotation:

4.3 Key Selector Naming Scheme

Define a naming scheme for the DKIM key selectors that is both
meaningful for forensic analysis and is sufficiently random so the
keys cannot be easily guessed by browsing the DNS.

NOTE: The selector naming scheme should also be designed to
mitigate the risk that attackers can easily predict the names of future
selectors and retrieve the associated keys. See Section 5 for a
description of the process for publishing keys for future use

This may be relevant for short 512-bit RSA keys, but it does not seem to make sense to me for longer, say 2048-bit, RSA keys. The DNS holds public keys which are not secret and can be discovered by reading just a single signed mail. Security by obscurity with very little security?

Why would a random DKIM selector name be better, when would it make sense to follow their recommendation?

Best Answer

I reviewed the document and found the author(s) don't understand DNS propogation of new entries. When updating old entries there are configurable cache times that can be several days. However, new entries need to be fetched from the authoritative name servers before the can be cached.

If keys are being rotated by the suggested process of rotating keys behind three CNAMEs, the there may be significant delays while cached entries are updated. This can be mitigated by dropping the TTL on record to be updated in the period before it is updated. The CNAME rotations may also be problematic in the case an emergency key rotation is required.

Randomizing the key names does provide some small measure of protection against the public key being retrieved in advance of use. Once the key is in use, I would assume that it could have been harvested for the purpose of generating an alternate signing key.

Related Solutions

DKIM with same key but different domains

You can use the same key for multiple domains. Using different selectors for the same key won't help your reputation. It will also make signing more difficult. You can use the same selector for different keys as they will be published under different domains.

You will need to publish the selector DNS record for each sending domain. Sign the outgoing message with the matching private key.

In my experience, a high percentage of organizations either don't publish a DKIM record. Others publish an invalid record. Neither case adds credibility.

If you are sending from the same IP address, all domains will be marked as spam. Most blacklists are IP based, not domain based. As long as you are using a properly configured server, including DNS configuration it is unlikely your server will be flagged as spamming unless you send spam. Double opt-in should prevent that.

Do ensure your servers are not open relays. Open relays do get flagged and are commonly used to send spam. I do my best to ensure the spam gets left on the open relay as long as possible.

Debian – DKIM header exists but signature is not valid

Now the validator at mail-tester.com says the DKIM signature is fine. On the other hand the isnotspam.com still doesn't seem to like it. I assume it is working fine now. Also gmail accepts the email.

The change I made:

I changed the smtpd_tls_cert_file=.. smtpd_tls_key_file=..

to hold the keys for the primary domain. However my VPS contains several domains, so it still remains to be seen what happens with mails from

someone@example2.com

First the postfix SSL certs have absolutely nothing to do with DKIM so that was different issue you had.

Second if you still are getting errors at isnotspam.com then don't assume everything is alright until you get a green light on all tests.

Third create new signatures for each domain and make sure the DNS entry is correct as well as permissions on the signature files.

Also make sure your postfix/main.cf has the proper entries and the .sock actually exists.

    # DKIM / SPF
# --------------------------------------
milter_default_action = accept
milter_protocol = 6
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

Check mail logs for errors, warnings after restart opendkim, should look something like this:

Feb 21 17:18:23 serverdcu opendkim[2078]: OpenDKIM Filter: mi_stop=1
Feb 21 17:18:23 serverdcu opendkim[2078]: OpenDKIM Filter v2.11.0 terminating with status 0, errno = 0
Feb 21 17:18:23 serverdcu opendkim[37449]: OpenDKIM Filter v2.11.0 starting (args: -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock)

4.3 Key Selector Naming Scheme

Best Answer

Related Solutions

DKIM with same key but different domains

Debian – DKIM header exists but signature is not valid

Related Topic