John R. Levine:
> The most likely issue would be that the TXT records don't fit in a
> 512 byte response packet which is a problem for some cruddy
> middleboxes.

That was exactly the reason I started using 4k keys. I wanted to make sure
at least my infrastructure could handle DNS over TCP everywhere.

> Could you explain what problem you believe needs 4K rather than 2K
> keys? DKIM is not PGP or S/MIME and is not intended for long term
> protection of confidential data. It's just a short term assurance
> that a particular message in transit was signed by a particular
> signer.

Correct.

> I rotate my keys every month, which appears to be the shortest DKIM
> rotation time in the world. Most people do it every six months or a
> year.

I agree, too.
In practice it's a trade-off between keysize and key age...
Do you think the DKIM specification should be more detailed on these
pros and cons?
Andreas
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
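
Added example (not part of the original message): a size estimate for the DNS response carrying a DKIM RSA key record, compared with the 512-byte limit discussed above. It assumes a minimal record with only the v=, k= and p= tags, public exponent 65537, no EDNS0, and a hypothetical name sel1._domainkey.example.com.

```python
# Added example: sizes are derived from the DER layout, no key is generated.
DNS_UDP_LIMIT = 512   # classic DNS-over-UDP message limit (no EDNS0)
ALG_ID_LEN = 15       # DER AlgorithmIdentifier for rsaEncryption
EXPONENT_LEN = 5      # DER INTEGER 65537 (assumed public exponent)

def tlv_len(content_len):
    """Total DER size: tag octet + length octets + content."""
    if content_len < 128:
        return 2 + content_len
    length_octets = (content_len.bit_length() + 7) // 8
    return 2 + length_octets + content_len

def spki_len(bits):
    """DER size of an RSA SubjectPublicKeyInfo, the format carried in p=."""
    modulus = tlv_len(bits // 8 + 1)           # leading 0x00 keeps n positive
    rsa_key = tlv_len(modulus + EXPONENT_LEN)  # SEQUENCE { n, e }
    bit_string = tlv_len(1 + rsa_key)          # 1 octet of "unused bits"
    return tlv_len(ALG_ID_LEN + bit_string)

def txt_rdata_len(bits, prefix="v=DKIM1; k=rsa; p="):
    """TXT RDATA size: text plus one length octet per <=255-byte string."""
    text = len(prefix) + 4 * ((spki_len(bits) + 2) // 3)  # base64 expansion
    chunks = (text + 254) // 255
    return text + chunks

def response_len(bits, qname="sel1._domainkey.example.com"):
    """Header + question + one answer RR; qname is a hypothetical selector."""
    wire_name = sum(len(label) + 1 for label in qname.split(".")) + 1
    header, question = 12, wire_name + 4
    answer = 2 + 10 + txt_rdata_len(bits)  # compressed name + fixed RR fields
    return header + question + answer

def needs_tcp(bits):
    """True when the answer cannot fit a plain 512-byte UDP response."""
    return response_len(bits) > DNS_UDP_LIMIT

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        verdict = "needs TCP or EDNS0" if needs_tcp(bits) else "fits in 512"
        print(bits, spki_len(bits), response_len(bits), verdict)
```

Extra tags in the record, a longer domain name, or an OPT record in the response all add to these totals.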