-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Default DKIM keylength of 4096 is too long #1854
Copy link
Copy link
Closed
Labels
kind/questionSomeone asked a question - feel free to answerSomeone asked a question - feel free to answermeta/help wantedThe OP requests help from others - chime in! :DThe OP requests help from others - chime in! :Dmeta/needs triageThis issue / PR needs checks and verification from maintainersThis issue / PR needs checks and verification from maintainerspriority/low
Description
Metadata
Metadata
Assignees
Labels
kind/questionSomeone asked a question - feel free to answerSomeone asked a question - feel free to answermeta/help wantedThe OP requests help from others - chime in! :DThe OP requests help from others - chime in! :Dmeta/needs triageThis issue / PR needs checks and verification from maintainersThis issue / PR needs checks and verification from maintainerspriority/low
Default DKIM keylength of 4096 is too long
The default DKIM is 4096, but according to https://tools.ietf.org/html/rfc6376 , Signers MUST use RSA keys of at least 1024 bits for long-lived keys. Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys.
The consequence of 4096 bit keys is that some mailservers deny the mail.