Re: possible bug in Mail::DKIM when keysize is under 1024 bits

From: A. Schulze <>
Date: Sun, 11 Jan 2015 12:20:44 +0100

Benny Pedersen:

> opendkim has a minimal keysize of 1024, else it's considered invalid,
> so I am asking: should Mail::DKIM follow this as valid or invalid
> even if the key check is PASS?
> This leads to spamassassin VALID, but opendkim testing INVALID

RFC 6376, 3.3.3: "Signers MUST use RSA keys of at least 1024 bits"
If SA marks a signature made with a smaller key as VALID, file a bug report
against Mail::DKIM.

BTW: Murray:
same RFC: "Verifiers ... MAY be able to validate signatures with
larger (>2048) keys."

Using 4k keys, as I do, is not inside the specification?
Are there plans to update this sentence?
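
Added example, not part of the original message and not code from Mail::DKIM or opendkim: a Python check that reads the RSA modulus size out of a DKIM key record's `p=` tag and compares it with the two RFC 6376 section 3.3.3 thresholds quoted in this thread (1024 and 2048 bits). All function names are hypothetical, and the sample records are constructed with a modulus of the right size rather than a usable key.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(record):
    """Modulus size in bits of the RSA key in a DKIM key record's p= tag."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    blob = base64.b64decode("".join(tags["p"].split()))
    _, spki, _ = read_tlv(blob, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = read_tlv(blob, spki)      # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(blob, alg_end)  # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = read_tlv(blob, bitstr + 1)    # +1 skips the unused-bits octet
    tag, start, end = read_tlv(blob, rsa)     # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("RSA modulus not found")
    return int.from_bytes(blob[start:end], "big").bit_length()

def classify(record):
    """Apply the two thresholds quoted from RFC 6376 section 3.3.3."""
    n = rsa_bits(record)
    if n < 1024:
        return n, "below signer minimum"
    return n, ("verifier support optional" if n > 2048 else "meets signer minimum")

def der(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def der_int(v):  # extra leading byte keeps the INTEGER positive and minimal
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def constructed_record(bits):
    """Constructed sample record: right-sized modulus, not a usable key."""
    rsa = der(0x30, der_int((1 << (bits - 1)) | 1) + der_int(65537))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = der(0x30, alg + der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for size in (768, 1024, 2048, 4096):
        print(classify(constructed_record(size)))
```

The check only measures the published key; it does not verify any signature, so a verifier policy would apply it alongside the normal DKIM result.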

