Mark Delany wrote:
On Thu, Mar 16, 2006 at 09:53:52AM +0000, Stephen Farrell allegedly wrote:
Section 3.3.3 includes 512 bit rsa as a MUST. I think that that
might be an error. Is there really any need for anything smaller
than 1024 in any case?
It might not be significant, but I presume there are deployed 512
DomainKey Selectors, excluding 512 from DKIM would break those
deployments.
We *could* deprecate that size by saying verifiers MUST and signers
MAY if the consensus is that 512 should not be used henceforth.
We'd probably have less of a fight if we mandated stronger on
signers, and require/allow receivers to verify with weaker. It's
not entirely clear to me that a receiver would be doing justice
to a weak, but valid signature by ignoring it. At some level, it's
the sending domain's problem -- does the threat really outweigh
the benefit? It sure seems like a pretty theoretical attack to
me.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
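The signer/verifier split discussed above (signers held to a stronger minimum, verifiers still validating weaker keys), as an added example that is not part of this thread or of any DKIM implementation: a selector TXT record of the form `v=DKIM1; k=rsa; p=...` is parsed, the RSA modulus size is read out of the key's DER SubjectPublicKeyInfo using only the standard library, and two policies are applied, a signer-side check that refuses keys below 1024 bits and a verifier-side check that still validates 512-bit keys but flags them. The 1024/512 thresholds as policy, the `accept-weak` result, the helper names and the synthetic moduli used to build the sample records (they are not real RSA keys) are assumptions of this example.

```python
import base64
import re

# OID 1.2.840.113549.1.1.1 (rsaEncryption), already wrapped in its DER tag and length.
RSA_OID_TLV = bytes.fromhex("06092a864886f70d010101")

# Assumed policy for this example: signers refuse anything below SIGNER_MIN_BITS;
# verifiers still validate, but flag, keys down to VERIFIER_MIN_BITS.
SIGNER_MIN_BITS = 1024
VERIFIER_MIN_BITS = 512


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:  # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return _der(0x02, body)


def build_spki(n, e=65537):
    """DER SubjectPublicKeyInfo for RSA (n, e); used here only to construct sample records."""
    rsa_public_key = _der(0x30, _der_int(n) + _der_int(e))
    algorithm_id = _der(0x30, RSA_OID_TLV + b"\x05\x00")  # rsaEncryption + NULL params
    return _der(0x30, algorithm_id + _der(0x03, b"\x00" + rsa_public_key))


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length


def rsa_modulus_bits(spki):
    """Walk SPKI -> AlgorithmIdentifier, BIT STRING -> RSAPublicKey and return bit length of n."""
    tag, s, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    tag, alg_s, alg_e = _read_tlv(spki, s)
    if tag != 0x30 or not spki[alg_s:alg_e].startswith(RSA_OID_TLV):
        raise ValueError("not an rsaEncryption key")
    tag, bits_s, _ = _read_tlv(spki, alg_e)
    if tag != 0x03 or spki[bits_s] != 0:  # first BIT STRING byte = unused bits, must be 0
        raise ValueError("malformed BIT STRING")
    tag, key_s, _ = _read_tlv(spki, bits_s + 1)
    if tag != 0x30:
        raise ValueError("RSAPublicKey is not a SEQUENCE")
    tag, n_s, n_e = _read_tlv(spki, key_s)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(spki[n_s:n_e], "big").bit_length()


def parse_dkim_record(txt):
    """Split 'v=DKIM1; k=rsa; p=...' into a tag dict; folding whitespace inside p= is dropped."""
    tags = {}
    for field in txt.split(";"):
        if "=" in field:
            k, v = field.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def key_bits(txt):
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":  # k= defaults to rsa when absent
        raise ValueError("unsupported key type")
    if not tags.get("p"):  # empty p= means the key is revoked
        raise ValueError("revoked or empty key")
    return rsa_modulus_bits(base64.b64decode(tags["p"]))


def signer_may_use(txt):
    """Signer side (assumed policy): refuse to sign with a key below SIGNER_MIN_BITS."""
    return key_bits(txt) >= SIGNER_MIN_BITS


def verifier_decision(txt):
    """Verifier side (assumed policy): 'accept', 'accept-weak' (valid but short) or 'reject'."""
    bits = key_bits(txt)
    if bits < VERIFIER_MIN_BITS:
        return "reject"
    return "accept-weak" if bits < SIGNER_MIN_BITS else "accept"


def make_record(bits):
    """Constructed selector record with a synthetic odd modulus of the given size (NOT a real key)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(build_spki((1 << (bits - 1)) | 1)).decode()


if __name__ == "__main__":
    for size in (384, 512, 1024, 2048):
        rec = make_record(size)
        print(size, key_bits(rec), signer_may_use(rec), verifier_decision(rec))
```

The point of splitting the check in two is that a verifier can keep validating the deployed 512-bit selectors Mark mentions while still surfacing them as weak, whereas the same check on the signing side stops new weak keys from being published; `accept-weak` is the hook a receiver would use to apply reduced trust rather than silently ignoring a valid signature.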