On Thu, 21 Dec 2023, Stuart Henderson wrote:
> If you've had to talk someone not very technical through adding a DKIM RSA key to a poorly implemented web interface from some cheap DNS provider that doesn't handle long TXT records, you might feel differently.
I take your point but I can only have limited sympathy for "you have to change your correctly working mail system because we don't care enough to fix our broken DNS crudware."
> There is often a workaround in that case - using 1024 bit keys - but then there *is* a cryptographic problem.
A 1536 bit key should fit in one string and that's plenty long for the foreseeable future. The largest RSA number known to be factored is 829 bits, and that's nearly twice the length. Keep in mind that DKIM keys are intended to protect messages for a few weeks, not years, so expensive attacks aren't worth it.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
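The "one string" limit in this thread is the 255-byte cap on a single DNS TXT character-string. The following is an added example, not part of the original message: it builds the DER SubjectPublicKeyInfo for a constructed modulus of each size and counts the strings the DKIM record needs. It assumes the record prefix `v=DKIM1; k=rsa; p=` and public exponent 65537; the function names are hypothetical.

```python
import base64

TXT_STRING_MAX = 255  # one TXT character-string carries a one-byte length prefix
# AlgorithmIdentifier: SEQUENCE { OID rsaEncryption, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value: int) -> bytes:
    """DER INTEGER for a non-negative value (leading 0x00 when the top bit is set)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def spki_for_bits(bits: int, e: int = 65537) -> bytes:
    # Constructed modulus, NOT a real key: only its bit length matters here.
    n = (1 << (bits - 1)) | 1
    rsa_pub = der(0x30, der_uint(n) + der_uint(e))
    # BIT STRING content starts with the "unused bits" octet (0).
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_pub))

def dkim_txt_strings(bits: int, prefix: str = "v=DKIM1; k=rsa; p=") -> list:
    """Split the DKIM record into the character-strings a TXT RR would carry."""
    record = prefix + base64.b64encode(spki_for_bits(bits)).decode()
    return [record[i:i + TXT_STRING_MAX]
            for i in range(0, len(record), TXT_STRING_MAX)]

def report(sizes=(1024, 1536, 2048)) -> dict:
    """Map key size -> (record length in bytes, number of TXT strings)."""
    out = {}
    for bits in sizes:
        parts = dkim_txt_strings(bits)
        out[bits] = (sum(len(p) for p in parts), len(parts))
    return out

if __name__ == "__main__":
    for bits, (length, count) in report().items():
        print(f"{bits}-bit key: {length}-byte record, {count} TXT string(s)")
```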