https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7559
Bill Cole <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #4 from Bill Cole <[email protected]> --- (In reply to Giovanni Bechis from comment #2) > AFAIK there is no standard that requires 1024 bit as minimum key size, is > just good practice having bigger keys. https://tools.ietf.org/html/rfc6376#section-3.3.3: 3.3.3. Key Sizes Selecting appropriate key sizes is a trade-off between cost, performance, and risk. Since short RSA keys more easily succumb to off-line attacks, Signers MUST use RSA keys of at least 1024 bits for long-lived keys. Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys. Verifier policies may use the length of the signing key as one metric for determining whether a signature is acceptable. -- You are receiving this mail because: You are the assignee for the bug.
