On 5/13/2015 7:31 AM, Scott Kitterman wrote:
> DKIM is a security protocol. I find it very odd to claim that the security
> part of a security protocol isn't part of the protocol.
Good point. But we did take it into account. As you point out, the
APIs seem to have limited the size.
> While I have an opinion on what I think the right answer is, what I'd really
> like is whatever is easiest to get published in the IETF that gets signatures
> based on keys less than 1024 bits marked fail by opendkim again.
IMO, that would be a SUPPORT REQUEST for a specific implementation,
not a STD76, across the board, change request. You can't enforce this
on other implementers.
Keep in mind what a STD76 means -- it's a standard, that's it. The bar
is going to be very high to make changes to it. Just like STD11
(RFC822) and STD10 (RFC821) are real IETF standards, a fully compliant
SMTP package still supports them and they might have strict options to
turn off/on 822/821 related protocol features. Those are
implementation concepts.
It's a good suggestion to have an "Informational or BCP" for DKIM.
--
HLS