> -----Original Message-----
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Martijn Grooten
> Sent: Tuesday, May 12, 2015 3:23 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] DKIM Key Size Constraints
>
> > I propose a short draft that updates 6376 to say MUST use at least
> > 1024 bits and setting that as the minimum size verifiers must be able
> > to validate. I'm volunteering to write it if people agree it's appropriate.
>
> I think it is appropriate - and I agree with others that we shouldn't go
> beyond that.
>
> Though why not make it even stronger and say that verifiers MUST (or
> SHOULD, perhaps) consider signatures with keys shorter than 1024 bits
> invalid? This makes it even more explicit.
>
+1

I think that Scott is correct in suggesting that this proposed update be limited to setting the minimum size (and nothing else). I also like the suggestion of considering anything smaller than 1024 invalid (Thank you Martijn). This should be a quick and easy update.

Apart from that I think we should start a (separate) effort to determine where we go from here. For the most part 2048 length keys seem not to be a problem in the wild at this time. On the other hand, given the speed (or lack thereof) involved in working groups generating useful output, if we start now (for some definition of now) we should (hopefully) have a solution before 2048 keys are at risk.

Mike

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
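
The verifier-side check discussed in this thread, as an added example that is not part of the original messages or of any DKIM implementation: it measures the RSA modulus in a DKIM key record and treats anything under 1024 bits as invalid. It assumes the `p=` value is a base64 SubjectPublicKeyInfo; the function names and the sample records are constructed for illustration.

```python
import base64
MIN_RSA_BITS = 1024  # minimum proposed in the thread above

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki_der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    tag, spki, _ = read_tlv(spki_der)            # outer SEQUENCE
    _, _, pos = read_tlv(spki)                   # skip AlgorithmIdentifier
    bs_tag, bits, _ = read_tlv(spki, pos)        # BIT STRING wrapping RSAPublicKey
    _, rsa_key, _ = read_tlv(bits, 1)            # RSAPublicKey SEQUENCE
    int_tag, modulus, _ = read_tlv(rsa_key)      # first INTEGER is the modulus n
    if (tag, bs_tag, bits[0], int_tag) != (0x30, 0x03, 0x00, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def key_acceptable(txt_record):
    """True only for an RSA key record whose modulus is at least MIN_RSA_BITS."""
    tags = dict(p.strip().split("=", 1) for p in txt_record.split(";") if "=" in p)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return False       # empty p= (revoked); other key types are not handled here
    try:
        return rsa_modulus_bits(base64.b64decode("".join(tags["p"].split()))) >= MIN_RSA_BITS
    except (ValueError, IndexError):
        return False       # malformed key data is treated as invalid

def tlv(tag, value):       # minimal DER encoder, used only to build the samples
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_record(bits):   # constructed record: placeholder modulus, not a real key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps n positive
    rsa_key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(bits, "accept" if key_acceptable(sample_record(bits)) else "reject")
```
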