John R. Levine:

> The most likely issue would be that the TXT records don't fit in a
> 512 byte response packet which is a problem for some cruddy
> middleboxes.

That was exactly the reason I started using 4k keys. I wanted to make sure at least my infrastructure could handle DNS over TCP everywhere.

> Could you explain what problem you believe needs 4K rather than 2K
> keys? DKIM is not PGP or S/MIME and is not intended for long term
> protection of confidential data. It's just a short term assurance
> that a particular message in transit was signed by a particular
> signer.

Correct.

> I rotate my keys every month, which appears to be the shortest DKIM
> rotation time in the world. Most people do it every six months or a
> year.

I agree, too. In practice it's a trade-off between key size and key age...

Do you think the DKIM specification should be more detailed on these pros and cons?

Andreas

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
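
The 512-byte point discussed above can be checked by arithmetic. The following is an added example, not code from this thread or from the DKIM specification. It assumes a constructed selector name (`sel._domainkey.example.com`), public exponent 65537, a minimal record carrying only `v=DKIM1; k=rsa; p=...`, and a response with one answer and no EDNS OPT, authority or additional records.

```python
def der_tlv(content_len):
    """Total size of one DER element: tag + length field + content."""
    if content_len < 128:
        len_field = 1
    else:
        len_field = 1 + (content_len.bit_length() + 7) // 8
    return 1 + len_field + content_len

def rsa_spki_len(bits, e=65537):
    """DER size of the SubjectPublicKeyInfo that is base64-encoded into p=."""
    modulus = der_tlv(bits // 8 + 1)             # leading 0x00: top bit is set
    exponent = der_tlv(e.bit_length() // 8 + 1)  # 65537 needs 3 octets
    rsa_public_key = der_tlv(modulus + exponent)
    bit_string = der_tlv(1 + rsa_public_key)     # 1 "unused bits" octet
    algorithm_id = 15                            # SEQUENCE { OID rsaEncryption, NULL }
    return der_tlv(algorithm_id + bit_string)

def txt_rdata_len(text_len):
    """TXT RDATA is a run of character-strings of at most 255 octets,
    each preceded by a one-octet length."""
    chunks = -(-text_len // 255)                 # ceiling division
    return text_len + chunks

def dkim_response_size(bits, qname):
    """Octets in a DNS response carrying one DKIM TXT record for qname."""
    b64_len = 4 * -(-rsa_spki_len(bits) // 3)
    text_len = len("v=DKIM1; k=rsa; p=") + b64_len
    header = 12
    question = (len(qname) + 2) + 4              # wire-format name, QTYPE, QCLASS
    # Answer: compression pointer, TYPE, CLASS, TTL, RDLENGTH, then RDATA.
    answer = 2 + 10 + txt_rdata_len(text_len)
    return header + question + answer

QNAME = "sel._domainkey.example.com"             # constructed sample name

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        size = dkim_response_size(bits, QNAME)
        verdict = "fits in" if size <= 512 else "exceeds"
        print(f"RSA-{bits}: {size} octets, {verdict} 512")
```

Longer selector or domain names and extra tags in the record add to these totals, so a 2048-bit key has limited headroom under 512 octets.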
