ietf-dkim

Re: [ietf-dkim] DKIM Key Size Reporting Methods

2015-05-13 14:25:02
On 5/13/2015 3:19 PM, Hector Santos wrote:
There are several ways to offer the DKIM key size expectation for
Receiver local policies to deal with:

1) Report the bit size in Authentication-Results (Auth-Res) header.

    Authentication-Results: mail.example.com
        dkim=pass ..... bitsize=num-bits;

2) Add a DMARC tag extension "ess=" (Expected Signature Strength) with values

     ess=std76,    default, tell receivers to follow DKIM STD76 (RFC6376)
     ess=num-bits, a key size of num-bits or higher is acceptable

3) Or use "ess=" as a DKIM tag extension:

   DKIM-Signature: d=signer.domain; ess=1024; ......

Any method allows for local policy filtering engines to deal with it.

The last one can be spoofed so nix #3.

-- 
HLS


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
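
An added example, not part of the original post or of any DKIM/DMARC implementation: a receiver-side local policy check combining methods 1 and 2 above. The bitsize= property and the ess= DMARC tag are the proposals from this message, not standardized fields; the function names, the mapping of std76 to 1024 bits, the fail-closed handling of a missing bitsize, and the sample values are assumptions.

```python
import re

# Assumption: "std76" is mapped to 1024 bits, the RFC 6376 minimum for
# long-lived signing keys. The proposal itself does not give a number.
STD76_MIN_BITS = 1024

def parse_tags(record):
    """Split a 'k=v; k=v' tag list (DMARC record style) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def expected_bits(dmarc_record):
    """Minimum key size the domain asks for via the proposed ess= tag."""
    ess = parse_tags(dmarc_record).get("ess", "std76").lower()
    return int(ess) if ess.isdigit() else STD76_MIN_BITS  # std76 or unknown value

def dkim_results(auth_res):
    """Yield (result, bitsize or None) for each dkim= entry in the header value."""
    for entry in auth_res.split(";"):
        m = re.search(r"(?:^|\s)dkim\s*=\s*(\w+)", entry, re.I)
        if m:
            bits = re.search(r"\bbitsize\s*=\s*(\d+)", entry, re.I)
            yield m.group(1).lower(), int(bits.group(1)) if bits else None

def key_size_policy(auth_res, dmarc_record):
    """Return 'accept', 'weak-key' or 'no-valid-signature'."""
    need = expected_bits(dmarc_record)
    verdict = "no-valid-signature"
    for result, bits in dkim_results(auth_res):
        if result != "pass":
            continue
        if bits is not None and bits >= need:
            return "accept"  # one strong passing signature is enough
        verdict = "weak-key"  # passed, but key too small or size not reported
    return verdict

# Constructed sample input (not real traffic).
SAMPLE_AUTH_RES = "mail.example.com; dkim=pass header.d=signer.domain bitsize=512"
SAMPLE_DMARC = "v=DMARC1; p=reject; ess=1024"

if __name__ == "__main__":
    print(key_size_policy(SAMPLE_AUTH_RES, SAMPLE_DMARC))
```

Both inputs come from data the receiver produced or fetched itself (its own verifier's result and the domain's DNS record), not from a tag carried in the message's DKIM-Signature header.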