On 1/11/2015 10:04 PM, Franck Martin wrote:
On Jan 11, 2015, at 3:40 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
I disagree as well. You can't cherry pick your quotes and you are missing the
long-lived caveat as well as the next sentence: Verifiers MUST be able to
validate signatures with keys ranging from 512 bits to 2048 bits
If it is 512 to 2048, I think the rfc is clear for recipients.
Gmail and a few others have decided to behave like if there was no DKIM signature
if the key <1024. Because today nearly anyone can crack a 512bits DKIM key and
just for a few dollars.
spamassassin could add positive points if the key <1024
I would likely accept and commit a patch that does if you want to work
on the issue.
regards,
KAM