RFC 6376 (which I think is the latest) includes:
   3.3.3. Key Sizes

   Selecting appropriate key sizes is a trade-off between cost,
   performance, and risk. Since short RSA keys more easily succumb to
   off-line attacks, Signers MUST use RSA keys of at least 1024 bits for
   long-lived keys. Verifiers MUST be able to validate signatures with
   keys ranging from 512 bits to 2048 bits, and they MAY be able to
   validate signatures with larger keys. Verifier policies may use the
   length of the signing key as one metric for determining whether a
   signature is acceptable.

Since receivers have no good way of knowing what keys are long-lived, there's
no way on the receiver side to reliably determine if a key shorter than 1024
bits is being appropriately used or not. I think it's time to kill keys
shorter than 1024 bits dead. It's not like the risks associated with them are
new [1].
I propose a short draft that updates 6376 to say MUST use at least 1024 bits
and setting that as the minimum size verifiers must be able to validate. I'm
volunteering to write it if people agree it's appropriate.
Scott K
[1] http://www.wired.com/2012/10/dkim-vulnerability-widespread/
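As an added example (not from the post or the DKIM list), here is the receiver-side policy the RFC text allows, in Python: it parses a DKIM TXT record, pulls the RSA modulus length out of the base64 SubjectPublicKeyInfo with a minimal DER reader, and rejects keys below a 1024-bit floor. `make_record` is a test helper that wraps an arbitrary odd integer as the modulus; the records it produces are constructed for the demonstration and are not real keys.

```python
import base64

MIN_RSA_BITS = 1024                                   # floor the post proposes
RSA_OID = bytes.fromhex("06092a864886f70d010101")     # rsaEncryption

def _der(tag, value):                                 # encode one DER TLV
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(lb)]) + lb + value
def _der_int(i):  # an extra leading byte when the top bit is set keeps INTEGER positive
    return _der(0x02, i.to_bytes((i.bit_length() + 8) // 8, "big"))
def _der_read(buf, pos):                              # decode one DER TLV at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length   # (tag, value, next position)

def rsa_modulus_bits(spki_der):
    """Bit length of the modulus in a DER SubjectPublicKeyInfo carrying an RSA key."""
    _, spki, _ = _der_read(spki_der, 0)
    _, _, pos = _der_read(spki, 0)                    # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _der_read(spki, pos)             # subjectPublicKey BIT STRING
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("malformed subjectPublicKey")
    _, rsakey, _ = _der_read(bitstr, 1)               # RSAPublicKey SEQUENCE { n, e }
    _, modulus, _ = _der_read(rsakey, 0)              # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def dkim_key_bits(txt_record):
    """Modulus bits of the key in a DKIM TXT record ('v=DKIM1; k=rsa; p=...')."""
    tags = dict(kv.strip().split("=", 1) for kv in txt_record.split(";") if "=" in kv)
    if tags.get("k", "rsa") != "rsa":                 # k= defaults to rsa (RFC 6376)
        raise ValueError("not an RSA key")
    p = "".join(tags.get("p", "").split())            # drop whitespace from folded records
    if not p:
        raise ValueError("key revoked (empty p=)")
    return rsa_modulus_bits(base64.b64decode(p))

def key_acceptable(txt_record, minimum=MIN_RSA_BITS):
    """Verifier policy from the post: reject signatures from keys below the floor."""
    return dkim_key_bits(txt_record) >= minimum

def make_record(modulus, exponent=65537):
    """Constructed test record wrapping an arbitrary odd modulus (not a real key)."""
    rsakey = _der(0x30, _der_int(modulus) + _der_int(exponent))
    alg = _der(0x30, RSA_OID + b"\x05\x00")
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsakey))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

A real deployment would feed `dkim_key_bits` the TXT record fetched from `<selector>._domainkey.<domain>` and treat a failure of `key_acceptable` as a verification failure rather than a pass.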
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html