Hello everybody,

Murray encouraged me to ask here:

https://tools.ietf.org/html/rfc6376#section-3.3.3 says "Signers MUST use RSA keys of at least 1024 bits for long-lived keys." and "Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys."

Signers using a key larger than 2048 (like I have done for years now) aren't inside the specification because there is no MUST on the validation side. From an operational perspective I experience no drawback using 4k RSA keys for DKIM.

I see these options:

- the signer could use smaller keys and rotate them more often
- the specification support other key types which gather the same level of security with smaller keys (elliptic curve crypto)
- the specification REQUIRE validators to handle larger keys

I would kindly ask for other options or advice.

Thanks,
Andreas

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
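The key-size ranges quoted in the message above can be checked against a published key record. The following is an added example, not part of the original post: it reads the RSA modulus size from a record's `p=` tag and reports where it falls. It assumes `p=` holds a base64 DER SubjectPublicKeyInfo; `make_record`, `rsa_bits` and `classify` are hypothetical helper names, and the sample records are constructed (right size, not real keys).

```python
import base64

ALG_ID = bytes.fromhex("06092a864886f70d010101") + b"\x05\x00"  # OID rsaEncryption + NULL

def _tlv(tag, body):
    """Encode one DER element (definite length)."""
    n = len(body)
    if n < 0x80:
        size = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        size = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + body

def _read(buf, pos=0):
    """Decode one DER element; return (tag, body, offset of the next element)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + first], pos + first

def make_record(bits):
    """Constructed sample record: the modulus has the right size but is NOT a real key."""
    ints = b"".join(_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 65537))
    spki = _tlv(0x30, _tlv(0x30, ALG_ID) + _tlv(0x03, b"\x00" + _tlv(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def rsa_bits(record):
    """Modulus size in bits of the key in a DKIM key record's p= tag."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    der = base64.b64decode("".join(tags["p"].split()))
    _, spki, _ = _read(der)
    _, _, nxt = _read(spki)               # skip the AlgorithmIdentifier
    _, bitstring, _ = _read(spki, nxt)
    _, rsa_key, _ = _read(bitstring[1:])  # drop the unused-bits octet
    _, modulus, _ = _read(rsa_key)
    return int.from_bytes(modulus, "big").bit_length()

def classify(bits):
    """(meets the signer MUST for long-lived keys, verifier support level) per the quoted text."""
    if bits < 512:
        return bits >= 1024, "unspecified"
    return bits >= 1024, "MUST" if bits <= 2048 else "MAY"

if __name__ == "__main__":
    for size in (512, 1024, 2048, 4096):
        print(size, classify(rsa_bits(make_record(size))))
```

A 4096-bit key comes out as `(True, 'MAY')`: valid for the signer, but verifier support is optional under the quoted text.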
