On 5/13/2015 7:31 AM, Scott Kitterman wrote:
>
> DKIM is a security protocol. I find it very odd to claim that the security
> part of a security protocol isn't part of the protocol.

Good point. But we did take it into account. As you point out, the APIs seem to have limited the size.

> While I have an opinion on what I think the right answer is, what I'd really
> like is whatever is easiest to get published in the IETF that gets signatures
> based on keys less than 1024 bits marked fail by opendkim again.

IMO, that would be a SUPPORT REQUEST for a specific implementation, not a STD76, across the board, change request. You can't enforce this on other implementers.

Keep in mind what a STD76 means -- it's a standard, that's it. The bar is going to be very high to make changes to it. Just like STD11 (RFC822) and STD10 (RFC821) are real IETF standards, a fully compliant SMTP package still supports them and they might have strict options to turn off/on 822/821 related protocol features. Those are implementation concepts.

It's a good suggestion to have an "Informational or BCP" for DKIM.

--
HLS

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html