> Signers using a key larger than 2048 (like I do for years now) aren't
> inside the specification because there is no MUST on the validation
> side.
> From operational perspective I experience no drawback using 4k RSA
> keys for DKIM.

I'm not surprised that 4K keys work. Most crypto software can handle arbitrary key sizes. The most likely issue would be that the TXT records don't fit in a 512 byte response packet which is a problem for some cruddy middleboxes.

Could you explain what problem you believe needs 4K rather than 2K keys? DKIM is not PGP or S/MIME and is not intended for long term protection of confidential data. It's just a short term assurance that a particular message in transit was signed by a particular signer.

I rotate my keys every month, which appears to be the shortest DKIM rotation time in the world. Most people do it every six months or a year.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
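
Added example, not part of the original message or thread: an estimate of the DNS response size behind the 512-byte concern in the reply above, for 1024-, 2048- and 4096-bit RSA keys. It assumes a constructed name (selector._domainkey.example.com), public exponent 65537, a minimal "v=DKIM1; k=rsa; p=" record, a single answer with a compressed owner name, and no EDNS0.

```python
import math

RSA_ALG_ID_LEN = 15       # DER AlgorithmIdentifier: SEQUENCE { OID rsaEncryption, NULL }
CLASSIC_UDP_LIMIT = 512   # DNS-over-UDP message size limit without EDNS0
TXT_PREFIX = "v=DKIM1; k=rsa; p="          # assumed minimal tag set
QNAME = "selector._domainkey.example.com"  # constructed sample name


def der_tlv_len(content_len):
    """Total size of a DER TLV: tag byte + length octets + content."""
    if content_len < 128:
        return 2 + content_len
    len_octets = (content_len.bit_length() + 7) // 8
    return 1 + 1 + len_octets + content_len


def der_uint_len(bits):
    """DER INTEGER holding a positive value of `bits` significant bits."""
    return der_tlv_len(bits // 8 + 1)  # +1 keeps the sign bit clear


def spki_len(modulus_bits, exponent=65537):
    """Size of the DER SubjectPublicKeyInfo that is base64-encoded into p=."""
    rsa_key = der_tlv_len(der_uint_len(modulus_bits)
                          + der_uint_len(exponent.bit_length()))
    bit_string = der_tlv_len(1 + rsa_key)  # 1 byte for the unused-bits count
    return der_tlv_len(RSA_ALG_ID_LEN + bit_string)


def txt_rdata_len(text_len):
    """TXT RDATA is a run of character-strings, each <= 255 bytes + 1 length byte."""
    return text_len + math.ceil(text_len / 255)


def response_len(modulus_bits, qname=QNAME):
    """Bytes in a minimal DNS response carrying the DKIM key record."""
    text_len = len(TXT_PREFIX) + 4 * math.ceil(spki_len(modulus_bits) / 3)
    header = 12
    question = (len(qname) + 2) + 4           # wire-format name + QTYPE + QCLASS
    answer = 2 + 10 + txt_rdata_len(text_len)  # name pointer + TYPE/CLASS/TTL/RDLENGTH
    return header + question + answer


def fits_classic_udp(modulus_bits):
    return response_len(modulus_bits) <= CLASSIC_UDP_LIMIT


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, spki_len(bits), response_len(bits), fits_classic_udp(bits))
```

Under these assumptions the 2048-bit record fits in a 512-byte response and the 4096-bit record does not, so a resolver path without EDNS0 or TCP fallback is where a 4K key would fail to be retrieved.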