[ietf-dkim] need for clarification

2015-01-27 Thread A. Schulze
Hello everybody, Murray encouraged me to ask here: https://tools.ietf.org/html/rfc6376#section-3.3.3 says "Signers MUST use RSA keys of at least 1024 bits for long-lived keys." and "Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Steve Atkins
On Jan 27, 2015, at 8:43 AM, A. Schulze wrote: > > Hello everybody, > > Murray encouraged me to ask here: > > https://tools.ietf.org/html/rfc6376#section-3.3.3 says > "Signers MUST use RSA keys of at least 1024 bits for long-lived keys." > > and > "Verifiers MUST be able to validate signatur

Re: [ietf-dkim] need for clarification on key size

2015-01-27 Thread A. Schulze
John R. Levine: > The most likely issue would be that the TXT records don't fit in a > 512 byte response packet which is a problem for some cruddy > middleboxes. That was exactly the reason I started using 4k keys. I wanted to make sure at least my infrastructure could handle DNS over TCP ev

Re: [ietf-dkim] need for clarification on key size

2015-01-27 Thread John R. Levine
>> The most likely issue would be that the TXT records don't fit in a 512 byte >> response packet which is a problem for some cruddy middleboxes. > > That was exactly the reason I started using 4k keys. I wanted to make sure > at least my infrastructure could handle DNS over TCP everywhere. That'

Re: [ietf-dkim] need for clarification

2015-01-27 Thread A. Schulze
Steve Atkins: >> From operational perspective I experience no drawback using 4k RSA >> keys for DKIM. > > How do you know? Not for sure. There was a feature to request reports in opendkim. Some people used that and I got mostly no unexpected reports. Today DMARC reports are a good source too.

Re: [ietf-dkim] need for clarification on key size

2015-01-27 Thread John R. Levine
> Signers using a key larger than 2048 (like I do for years now) aren't > inside the specification because there is no MUST on the validation > side. > From operational perspective I experience no drawback using 4k RSA > keys for DKIM. I'm not surprised that 4K keys work. Most crypto software c

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Steve Atkins
On Jan 27, 2015, at 11:24 AM, A. Schulze wrote: > > Steve Atkins: > >>> From operational perspective I experience no drawback using 4k RSA >>> keys for DKIM. >> >> How do you know? > > Not for sure. There was a feature to request reports in opendkim. Some people > used that and I got mostly

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Mark Delany
On 27Jan15, A. Schulze allegedly wrote: > > Hello everybody, > > Murray encouraged me to ask here: > > https://tools.ietf.org/html/rfc6376#section-3.3.3 says > "Signers MUST use RSA keys of at least 1024 bits for long-lived keys." > > and > "Verifiers MUST be able to validate signatures with

Re: [ietf-dkim] need for clarification

2015-01-27 Thread Franck Martin
On Jan 27, 2015, at 11:53 AM, Steve Atkins wrote: > > On Jan 27, 2015, at 11:24 AM, A. Schulze wrote: > >> >> Steve Atkins: >> >> >>> So there's no reason to use anything bigger than 2048 bits for DKIM, >>> I don't believe. I'd be far more concerned about other attacks on the >>> system, o