> I propose a short draft that updates 6376 to say MUST use at least 1024 bits
> and setting that as the minimum size verifiers must be able to validate. I'm
> volunteering to write it if people agree it's appropriate.

I think it is appropriate - and I agree with others that we shouldn't go beyond
that.

Though why not make it even stronger and say that verifiers MUST (or SHOULD,
perhaps) consider signatures with keys shorter than 1024 bits invalid? This
makes it even more explicit.

Martijn.
________________________________
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
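
The stricter verifier rule suggested above, sketched as an added example that is not part of the original message or of any DKIM implementation. The names `check_key_record` and `sample_record` are hypothetical, the sample keys are constructed placeholders, and the parser is assumed to accept the `p=` value either as a SubjectPublicKeyInfo or as a bare RSAPublicKey.

```python
import base64
MIN_RSA_BITS = 1024  # the minimum proposed in the message above

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Modulus size of an RSA key (SubjectPublicKeyInfo or bare RSAPublicKey)."""
    tag, seq, _ = _tlv(der, 0)
    inner, first, pos = _tlv(seq, 0)
    if inner == 0x30:  # SubjectPublicKeyInfo: AlgorithmIdentifier, then BIT STRING
        _, bitstr, _ = _tlv(seq, pos)
        tag, seq, _ = _tlv(bitstr, 1)  # offset 1 skips the unused-bits octet
        inner, first, _ = _tlv(seq, 0)
    if (tag, inner) != (0x30, 0x02):
        raise ValueError("not an RSA public key")
    return int.from_bytes(first, "big").bit_length()

def check_key_record(txt):
    """Return (acceptable, reason) for the TXT value of a DKIM key record."""
    tags = {k.strip(): v.strip() for k, v in
            (part.split("=", 1) for part in txt.split(";") if "=" in part)}
    if tags.get("k", "rsa") != "rsa":
        return True, "not an RSA key, size rule does not apply"
    p = "".join(tags.get("p", "").split())  # drop folding whitespace
    if not p:
        return False, "key revoked or missing"
    try:
        bits = rsa_modulus_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return False, "unparseable key"
    ok = bits >= MIN_RSA_BITS
    return ok, f"RSA key is {bits} bits" + ("" if ok else f", below {MIN_RSA_BITS}")

def _der(tag, body):  # minimal DER encoder, only used to build the constructed samples
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits, spki=True):  # constructed record; placeholder modulus, not a real key
    n = _der(2, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    key = _der(0x30, n + _der(2, b"\x01\x00\x01"))
    if spki:  # wrap as SubjectPublicKeyInfo with the rsaEncryption OID
        key = _der(0x30, _der(0x30, bytes.fromhex("06092a864886f70d0101010500")) + _der(3, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(key).decode()
```

A verifier applying the rule would treat a `False` result the same way as a failed signature check, whatever the cryptographic verification itself returns.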