On 5/13/2015 3:19 PM, Hector Santos wrote:
There are several ways to offer the DKIM key size expectation for
Receiver local policies to deal with:
1) Report the bit size in Authentication-Results (Auth-Res) header.
Authentication-Results: mail.example.com
dkim=pass ..... bitsize=num-bits;
2) Add a DMARC tag extension "ess=" Expected Signature Strength with
values
ess=std76, default, tell receivers to follow DKIM STD76.(RFC6376)
ess=num-bits, num-bits key size is or higher is acceptable
3) Or use "ess=" as a DKIM tag extension:
DKIM-Signature: d=signer.domain; ess=1024; ......
Any method allows for local policy filtering engines to deal with it.
The last one can be spoofed so nix #3.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html