DKIM Crypto Update (dcrup) Proposed WG

WG Name: DKIM Crypto Update
Acronym: dcrup
Area: Applications and Real-Time Area (art)
State: Proposed
Charter: charter-ietf-dcrup-00-01 (External review)
Chairs: Murray Kucherawy, Rich Salz
Area Director: Alexey Melnikov
Tech Advisor: Eric Rescorla

Charter for proposed Working Group

The DKIM Crypto Update (DCRUP) Working Group is chartered to update
DKIM to handle more modern cryptographic algorithms and key sizes. DKIM
(RFC 6376) signatures include a tag that identifies the hash algorithm and
signing algorithm used in the signature. The only current algorithm is RSA,
with advice that signing keys should be between 1024 and 2048 bits. While
1024-bit signatures are common, longer signatures are not, because bugs in
DNS provisioning software prevent publishing longer keys as DNS TXT records.

DCRUP will consider three types of changes to DKIM: additional signing
algorithms such as those based on elliptic curves, changes to key
strength advice and requirements, and new public key forms, such as
putting the public key in the signature and a hash of the key in the
DNS to bypass bugs in DNS provisioning software that prevent publishing
longer keys as DNS TXT records. It will limit itself to existing
implemented algorithms and key forms. Other changes to DKIM, such as new
message canonicalization schemes, are out of scope. The WG will, as far as
possible, avoid changes incompatible with deployed DKIM signers and verifiers.
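
The sketch below is an added example, not part of the charter or of any DKIM implementation. It reads the a= tag of a DKIM-Signature value, measures the RSA modulus in a key record's p= tag against the 1024 to 2048 bit advice, and checks whether the record fits in a single 255-octet TXT character-string (the RFC 1035 limit, past which a record has to be split across several strings). The function names, the sample header and the placeholder moduli are constructed for illustration.

```python
import base64

RSA_ALG_ID = bytes.fromhex("06092a864886f70d0101010500")  # OID rsaEncryption + NULL

def _tlv(tag, body):  # encode one DER element with a definite length
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def _int(v):  # DER INTEGER for a positive value (leading zero byte when needed)
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def key_record(bits):  # constructed key record; placeholder modulus, not a real key
    n = (1 << (bits - 1)) | 1
    rsa = _tlv(0x30, _int(n) + _int(65537))
    spki = _tlv(0x30, _tlv(0x30, RSA_ALG_ID) + _tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def _read(buf, pos):  # -> (body_start, body_end) of the DER element at pos
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + length

def rsa_bits(p_b64):  # modulus size of the SubjectPublicKeyInfo in the p= tag
    der = base64.b64decode(p_b64)
    start, _ = _read(der, 0)                  # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _read(der, start)            # AlgorithmIdentifier
    bit_start, _ = _read(der, alg_end)        # BIT STRING
    seq_start, _ = _read(der, bit_start + 1)  # RSAPublicKey, after unused-bits byte
    n_start, n_end = _read(der, seq_start)    # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def tags(value):  # parse a DKIM tag=value list, dropping folding whitespace
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def audit(sig_header, record):
    sig, key = tags(sig_header), tags(record)
    sign_alg, hash_alg = sig["a"].split("-", 1)   # a= is "<signing>-<hash>"
    bits = rsa_bits(key["p"])
    return {"sign": sign_alg, "hash": hash_alg, "bits": bits,
            "in_advised_range": 1024 <= bits <= 2048,
            "fits_one_txt_string": len(record.encode()) <= 255}  # RFC 1035 limit

SAMPLE_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from; bh=AAAA; b=BBBB"  # constructed
for bits in (1024, 2048):
    print(bits, audit(SAMPLE_SIG, key_record(bits)))
```

With these constructed records, the 1024-bit key record is 234 octets and fits in one string, while the 2048-bit record is 410 octets and does not.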
