On Fri, Oct 26, 2012 at 2:27 AM, ianG <i...@iang.org> wrote:
>
>> - It probably wasn't an accidental mis-config, because it's unlikely that a
>> pile of major organisations would all make the same config mistake. Look at
>> SSL, the exact same organisations have no problem using strong SSL keys, but
>> the same thing with DKIM uses weak keys.
>>
>
Tools like Ivan Ristic's SSL Labs (https://www.ssllabs.com/) have done wonders for those wishing to make sure they have configured their HTTPS webservers correctly. You'll notice that similarly easy to use tools for other systems employing cryptography aren't what I'd call abundant.

>> That means there was probably some business, legal, or social reason why this
>> occurred.
>>
>

I expect initially, yes. Afterwards though I think a lack of easy to use tooling and monitoring tools is more to blame than anything. In the HTTPS world it is almost always the case that the organization that generates and manages the keys also manages/runs the webserver. In the email world you'll find that with the amount of outsourcing to ESPs the same thing isn't true. This makes DKIM more operationally complex than HTTPS. Not unbearably mind you, but definitely more complex.

- Andy
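Added example, not part of the original message or of any project it mentions: a small audit of the kind of check the thread says is missing, which reads DKIM key records (the TXT value published at `selector._domainkey.domain`) and reports each RSA modulus size. Assumptions: the 1024-bit floor follows RFC 8301 (the thread names no threshold), and the `example.com` selector names and sample records are constructed with placeholder moduli, not real keys.

```python
import base64
MIN_BITS = 1024  # assumption: RFC 8301 floor for DKIM RSA keys; the thread names no threshold

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt):
    """Return the RSA modulus size in bits for a DKIM key record (0 = revoked, empty p=)."""
    tags = {k.strip(): v.strip() for k, _, v in
            (part.partition("=") for part in txt.split(";")) if k.strip()}
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    p = "".join(tags.get("p", "").split())  # p= may be folded across DNS strings
    if not p:
        return 0
    spki, _ = _tlv(base64.b64decode(p), 0)  # SubjectPublicKeyInfo SEQUENCE
    _, pos = _tlv(spki, 0)                  # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, pos)             # BIT STRING holding RSAPublicKey
    rsakey, _ = _tlv(bitstr[1:], 0)         # drop unused-bits byte, open SEQUENCE
    modulus, _ = _tlv(rsakey, 0)            # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit(records, min_bits=MIN_BITS):
    """Map each record name to (bits, 'ok' | 'weak' | 'revoked')."""
    sizes = {name: dkim_rsa_bits(txt) for name, txt in records.items()}
    return {n: (b, "revoked" if b == 0 else "ok" if b >= min_bits else "weak")
            for n, b in sizes.items()}

# --- constructed sample data: syntactically valid records, not real keys ---
def _der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    ints = [(1 << (bits - 1)) | 1, 65537]   # placeholder modulus, usual exponent
    body = b"".join(_der(2, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(3, b"\x00" + _der(0x30, body)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
SAMPLES = {f"s{b}._domainkey.example.com": sample_record(b) for b in (512, 768, 1024, 2048)}

if __name__ == "__main__":
    print(*(f"{n}: {b} bits, {v}" for n, (b, v) in audit(SAMPLES).items()), sep="\n")
```

Because the ESP often publishes the selector on the domain owner's behalf, running a check like this against the TXT records actually served in DNS is what tells the owner which key size is in use.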
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography