On January 12, 2015 8:06:00 AM EST, Mark Martinec
It would be wrong to assign score to short keys.
Kevin A. McGrail wrote:
Actually the rfc specifies that keys 512 to 2048 bits must be verified
so I think there is a grey area and there is this long-lived key
caveat as well.
I think if we can make a rule that fires on <1024 bits it's would be
good.
Fine with me.
The score may not be much but it could be helpful.
A message with a valid signature but a short DKIM key cannot be
scored more severely than an unsigned message, or a message with
an invalid signature - none these are currently assigned
any score.
Mark
