-
tom
Can we use macs ciphers besides RSA1024 now for DKIM signatures?
-
tom
A few years back I tried using longer DKIM RSA keys but ran into issues with incorrectly configured legacy hosts who could not fall back to DNS/TCP or handle IP fragments properly which is needed to handle such long DNS responses. I tried signing both with RSA and a modern elliptic curve based cipher but a lot of legacy mail hosts got confused by this and could not correctly use a dkim selector they implemented if mails had multiple signatures on them.
-
tom
I'm revisiting DKIM now after an AXFR transfer between two providers mangled some long txt records and would not to stop using weak legacy ciphers with weak key sizes