On 5/12/2015 10:25 PM, Roland Turner wrote:
> On 05/13/2015 12:27 PM, Murray S. Kucherawy wrote:
>
>> https://sourceforge.net/p/opendkim/bugs/221/) appears to agree with
>> what I'm saying above. When talking about unacceptably small keys,
>> the "unacceptable" decision is not made by the protocol, but by the
>> receiver.
>
> +1

(I haven't been tracking this thread in detail, so please forgive my missing some nuance.)

I think the issue separates between 'interoperability' vs. 'usage policy'. The former is the protocol. The latter is either Internet-wide BCP or local policy, depending upon strong community consensus.

I did a quick search for (rfc ietf minimum key size cryptograph) and found a series of RFCs that do indeed talk about minimum key size. All of them are Informational, rather than standards track or BCP.

As a non-crypto-geek, the solid constant I've observed is that crypto algorithm and key size choices are highly malleable: they change over time. So a protocol needs some agility with respect to these and MUST NOT be locked in too tightly.

DKIM is algorithm-agile. It needs to also be key-length-agile.

If there is strong community consensus on the choices of algorithm and key-length, it needs to be asserted as an operational convention, not in the base protocol.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html