John R. Levine:
> The most likely issue would be that the TXT records don't fit in a
> 512 byte response packet which is a problem for some cruddy
> middleboxes.
that was exactly the reason I started using 4k keys. I wanted to make sure
at least my infrastructure could handle DNS over TCP ev
>> The most likely issue would be that the TXT records don't fit in a 512 byte
>> response packet which is a problem for some cruddy middleboxes.
>
> that was exactly the reason I started using 4k keys. I wanted to make sure
> at least my infrastructure could handle DNS over TCP everywhere.
That'
> Signers using a key larger than 2048 (like I do for years now) aren't
> inside the specification because there is no MUST on the validation
> side.
> From an operational perspective I experience no drawback using 4k RSA
> keys for DKIM.
I'm not surprised that 4K keys work. Most crypto software c