Steve Atkins:

>> From operational perspective I experience no drawback using 4k RSA
>> keys for DKIM.
>
> How do you know?

Not for sure. There was a feature to request reports in opendkim. Some people used that and I got mostly no unexpected reports. Today DMARC reports are a good source too. I have some smaller "send only" domains. The DMARC reports also show mostly positive results.

> So there's no reason to use anything bigger than 2048 bits for DKIM,
> I don't believe. I'd be far more concerned about other attacks on the
> system, or even on the RSA algorithm, than I would be about people
> brute-forcing 2048 bit keys this decade.

That's the point. The RFC doesn't make that clear enough. It leaves one side open.

> How big is your DNS TXT record?

# dig J4bWGJQcBmxMQ._domainkey.andreasschulze.de. txt
;; Truncated, retrying in TCP mode.
...
;; MSG SIZE rcvd: 851

Andreas
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
