
8192 length SSL keys
Does Exim support 8192 bit SSL keys?

IF so why is Thunderbird choking?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
If they can dehumanize the most innocent, they can dehumanize anyone. -unknown

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: 8192 length SSL keys
On Mon, Apr 12, 2021 at 02:39:41PM -0600, The Doctor via Exim-users wrote:

> Does Exim support 8192 bit SSL keys?

Even 4096-bit RSA keys are noticeably slow/bulky, none of the public CAs
are using anything stronger than 4096-bit RSA keys and most are using
2048. Why on earth would you want 8192 bits?

If you actually want practical strong keys, use ECDSA P256, Ed25519
or Ed448.

> IF so why is Thunderbird choking?

Wrong question IMHO, don't use 8192 bit RSA, it is not a good idea.

--
Viktor.
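A measurement of the cost Viktor is describing, added here as an example and not taken from the thread or from Exim: it signs and verifies a constructed message with RSA (2048 and 4096 bits), ECDSA P-256 and Ed25519 using only Go's standard library and reports signature size and sign/verify time per scheme. The sample message, the iteration count and the function names are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Result records, for one signature scheme, the signature size and the
// wall-clock cost of `iters` sign and `iters` verify operations.
type Result struct {
	Name       string
	SigBytes   int
	SignTime   time.Duration
	VerifyTime time.Duration
	Verified   bool // every produced signature verified
}

const iters = 20

// Constructed sample input standing in for a handshake transcript (assumption).
var msg = []byte("constructed sample: ClientHello||ServerHello||Certificate")

// timeLoop runs f `iters` times and returns the elapsed wall-clock time.
func timeLoop(f func()) time.Duration {
	start := time.Now()
	for i := 0; i < iters; i++ {
		f()
	}
	return time.Since(start)
}

// benchRSA signs a SHA-256 digest with RSASSA-PKCS1-v1_5 at the given modulus size.
func benchRSA(bits int) Result {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(msg)
	var sig []byte
	signT := timeLoop(func() { sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]) })
	if err != nil {
		panic(err)
	}
	ok := true
	verifyT := timeLoop(func() {
		if rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig) != nil {
			ok = false
		}
	})
	return Result{fmt.Sprintf("RSA-%d", bits), len(sig), signT, verifyT, ok}
}

// benchP256 signs the same digest with ECDSA over NIST P-256 (ASN.1 DER signature).
func benchP256() Result {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(msg)
	var sig []byte
	signT := timeLoop(func() { sig, err = ecdsa.SignASN1(rand.Reader, key, digest[:]) })
	if err != nil {
		panic(err)
	}
	ok := true
	verifyT := timeLoop(func() {
		if !ecdsa.VerifyASN1(&key.PublicKey, digest[:], sig) {
			ok = false
		}
	})
	return Result{"ECDSA-P256", len(sig), signT, verifyT, ok}
}

// benchEd25519 signs the message directly; Ed25519 hashes internally.
func benchEd25519() Result {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	var sig []byte
	signT := timeLoop(func() { sig = ed25519.Sign(priv, msg) })
	ok := true
	verifyT := timeLoop(func() {
		if !ed25519.Verify(pub, msg, sig) {
			ok = false
		}
	})
	return Result{"Ed25519", len(sig), signT, verifyT, ok}
}

// Compare returns results for RSA at rsaBits, ECDSA P-256 and Ed25519, in that order.
func Compare(rsaBits int) []Result {
	return []Result{benchRSA(rsaBits), benchP256(), benchEd25519()}
}

func main() {
	// RSA-4096 key generation alone can take seconds; that is part of the point.
	results := append(Compare(2048), benchRSA(4096))
	for _, r := range results {
		fmt.Printf("%-10s sig=%3d bytes  sign=%v  verify=%v  ok=%v\n",
			r.Name, r.SigBytes, r.SignTime, r.VerifyTime, r.Verified)
	}
}
```

Run it with `go run .`; signature size is deterministic (RSA signatures are as long as the modulus, Ed25519 is 64 bytes, P-256 DER is about 70 bytes), while the timings will vary by machine but keep the same ordering: RSA signing cost grows steeply with modulus size, and the EC schemes stay far cheaper at a comparable security level.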

Re: 8192 length SSL keys
On 12/04/2021 21:39, The Doctor via Exim-users wrote:
> Does Exim support 8192 bit SSL keys?

Nothing works until it's been tried, and I've not
personally tested 8k (or even 4k) keys in certs.
The regression tests use 2k key for RSA
and (it looks like) a nistp521 key for EC.

I can't comment on other EC variants, but apart
from buffer sizes I'd expect the only limitations
to be in the crypto library in use.


I agree with Viktor, use EC. Until we hit
the cryptapocalypse they are much preferred.

Ed25519 works for DKIM keys, though you need
to worry whether the MTAs you talk to also
support them. You can dual-sign with an RSA
and an EC key.
The tests use 512b (I know; deprecated...) and 1k
keys for DKIM/RSA, and Ed25519 for DKIM/EC.
--
Cheers,
Jeremy

Re: 8192 length SSL keys
On Mon, Apr 12, 2021 at 10:53:46PM +0100, Jeremy Harris via Exim-users wrote:
> On 12/04/2021 21:39, The Doctor via Exim-users wrote:
> > Does Exim support 8192 bit SSL keys?
>
> Nothing works until it's been tried, and I've not
> personally tested 8k (or even 4k) keys in certs.
> The regression tests use 2k key for RSA
> and (it looks like) a nistp521 key for EC.
>
> I can't comment on other EC variants, but apart
> from buffer sizes I'd expect the only limitations
> to be in the crypto library in use.
>
>
> I agree with Viktor, use EC. Until we hit
> the cryptapocalypse they are much preferred.
>
> Ed25519 works for DKIM keys, though you need
> to worry whether the MTAs you talk to also
> support them. You can dual-sign with an RSA
> and an EC key.
> The tests use 512b (I know; deprecated...) and 1k
> keys for DKIM/RSA, and Ed25519 for DKIM/EC.

4K keys do work!

> --
> Cheers,
> Jeremy

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
A consequence-free mentality brings the most severe consequences. -unknown

Re: 8192 length SSL keys
On Mon, 12 Apr 2021, Viktor Dukhovni via Exim-users wrote:

> From: Viktor Dukhovni via Exim-users <exim-users@exim.org>
> To: exim-users@exim.org
> Cc: Viktor Dukhovni <exim-users@dukhovni.org>
> Date: Mon, 12 Apr 2021 17:01:27 -0400
> Subject: Re: [exim] 8192 length SSL keys
>
> On Mon, Apr 12, 2021 at 02:39:41PM -0600, The Doctor via Exim-users wrote:
>
> > Does Exim support 8192 bit SSL keys?
>
> Even 4096-bit RSA keys are noticeably slow/bulky, none of the
> public CAs are using anything stronger than 4096-bit RSA keys and
> most are using 2048. Why on earth would you want 8192 bits?
>
> If you actually want practical strong keys, use ECDSA P256,
> Ed25519 or Ed448.

The public CAs seem quite conservative in the algorithms they'll use
in issued certificates. The baseline specification document for
Certificate Authorities can be found in:

https://cabforum.org/baseline-requirements-documents/

and from the latest specification:


6.1.5 Key sizes

For RSA key pairs the CA SHALL:

Ensure that the modulus size, when encoded, is at least 2048 bits, and;
Ensure that the modulus size, in bits, is evenly divisible by 8.

For ECDSA key pairs, the CA SHALL:

Ensure that the key represents a valid point on the NIST
P-256, NIST P-384 or NIST P-521 elliptic curve.

No other algorithms or key sizes are permitted.


so it seems the Ed25519 and Ed448 algorithms are out for now.
--
Dennis Davis <dennisdavis@fastmail.fm>
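A checker for the BR section 6.1.5 rules Dennis quotes, added here as an example (it is not from the thread, the CA/Browser Forum or Exim): it accepts an RSA key only when the modulus is at least 2048 bits and a multiple of 8, accepts an ECDSA key only when it is a valid point on P-256, P-384 or P-521, and rejects every other key type, Ed25519 and Ed448 included. The `fakeRSA` helper, the constructed key sizes and the function names are assumptions of this example; the RSA keys it builds are placeholders with the right modulus length, not real key pairs.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// allowedCurves lists the only curves BR 6.1.5 permits for ECDSA keys.
var allowedCurves = map[string]bool{"P-256": true, "P-384": true, "P-521": true}

// CheckBRKeyPolicy returns nil when a subject public key satisfies BR 6.1.5:
// an RSA modulus of at least 2048 bits that is evenly divisible by 8, or an
// ECDSA point on P-256/P-384/P-521. Any other key type is rejected.
func CheckBRKeyPolicy(pub crypto.PublicKey) error {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits := k.N.BitLen()
		if bits < 2048 {
			return fmt.Errorf("RSA modulus is %d bits, below the 2048-bit minimum", bits)
		}
		if bits%8 != 0 {
			return fmt.Errorf("RSA modulus is %d bits, not evenly divisible by 8", bits)
		}
		return nil
	case *ecdsa.PublicKey:
		name := k.Curve.Params().Name
		if !allowedCurves[name] {
			return fmt.Errorf("ECDSA curve %q is not P-256, P-384 or P-521", name)
		}
		// "represents a valid point" clause: reject coordinates off the curve.
		if !k.Curve.IsOnCurve(k.X, k.Y) {
			return fmt.Errorf("ECDSA public key is not a valid point on %s", name)
		}
		return nil
	default:
		// Covers ed25519.PublicKey, DSA, X25519 and anything else.
		return fmt.Errorf("key type %T is not permitted by BR 6.1.5", pub)
	}
}

// CheckPEM applies the policy to a PEM-encoded CERTIFICATE or PUBLIC KEY block.
func CheckPEM(data []byte) error {
	block, _ := pem.Decode(data)
	if block == nil {
		return fmt.Errorf("no PEM block found")
	}
	var pub crypto.PublicKey
	switch block.Type {
	case "CERTIFICATE":
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return err
		}
		pub = cert.PublicKey
	case "PUBLIC KEY":
		parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return err
		}
		pub = parsed
	default:
		return fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
	return CheckBRKeyPolicy(pub)
}

// fakeRSA builds an RSA public key whose modulus has exactly `bits` bits.
// Constructed for policy checks only (assumption): it is not a usable key pair.
func fakeRSA(bits int) *rsa.PublicKey {
	return &rsa.PublicKey{N: new(big.Int).Lsh(big.NewInt(1), uint(bits-1)), E: 65537}
}

func main() {
	for _, bits := range []int{1024, 2048, 2053, 4096, 8192} {
		fmt.Printf("RSA-%d: %v\n", bits, CheckBRKeyPolicy(fakeRSA(bits)))
	}
	p256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p224, _ := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	edPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("P-256:", CheckBRKeyPolicy(&p256.PublicKey))
	fmt.Println("P-224:", CheckBRKeyPolicy(&p224.PublicKey))
	fmt.Println("Ed25519:", CheckBRKeyPolicy(edPub))
	der, _ := x509.MarshalPKIXPublicKey(&p256.PublicKey)
	fmt.Println("PEM P-256:", CheckPEM(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})))
}
```

Note what the check says about the original question: an 8192-bit RSA modulus is at least 2048 bits and divisible by 8, so the quoted 6.1.5 text does not forbid it; the objection in this thread is cost and interoperability, not CA policy. P-224 and Ed25519 fail the check for the reason Dennis gives, because the quoted text allows no other algorithms or curves.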
