* John Levine via mailop <jo...@taugh.com>:
> It appears that Matthäus Wander via mailop <mail@wander.science> said:
> >Hello everyone,
> >
> >what's the experience with DKIM signatures with RSA keylengths larger
> >than 2048 bits? Is it supported by verifiers? Any known incompatibilities?
>
> All the verifiers I know pass the signatures to openssl or gnutls for
> verification, so I would expect them to work. I am not aware of any reason
> to use keys longer than 2K at this point. We added the longer keys just in
> case there's a surprise weakness in RSA.

If you want to comply with standards put up by the Federal Office for Information Security in Germany you need to use RSA key lengths that exceed the 2k limit. That's because that standard is not specific to DKIM, but only puts up a general requirement. If it were specific to DKIM it would take into account that DKIM *only* needs to establish an identity at one point in time and doesn't have to be cryptographically resistant to protect encrypted information for a long time.

This said, we have first-hand experience of DKIM verifiers out there that fail when you send them DKIM-signed messages with keys greater than 2k.

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop