I disagree as well. You can't cherry pick your quotes and you are missing the long-lived caveat as well as the next sentence: Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits
If it is 512 to 2048, I think the rfc is clear for recipients. Regards, KAM On January 11, 2015 3:40:42 PM EST, "A. Schulze" <s...@andreasschulze.de> wrote: > >Kevin A. McGrail: > >> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/ >> >> It's a recommendation not a requirement so the pass even when lower >> than 1024 is accurate. > >I disagree. > >Lauras article is more then two years old. But since more then 4 years > >( Sep 2011 ) >RFC 6376 say very clear: "Signers MUST use RSA keys of at least 1024 >bits ..." >( https://tools.ietf.org/html/rfc6376#section-3.3.3 ) > >Andreas