[cryptography] DKIM: Who cares?
zack.weinberg at sv.cmu.edu
Wed Oct 24 21:10:59 EDT 2012
Or perhaps the mere presence of a DKIM record is sufficient deterrent
against spam with forged From addresses at a particular domain, and
that's the only thing these organizations thought DKIM was good for.
On Wed, Oct 24, 2012 at 7:57 PM, Matthew Green <matthewdgreen at gmail.com> wrote:
> That's my impression.
> Others have pointed out that 512 bits is a limit imposed by DNS/UDP text record sizes (much more and you need TCP). I don't know if that's accurate and I'm not sure it contradicts my first answer.
> On Oct 24, 2012, at 7:21 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Steven Bellovin recently forwarded the following link to another list:
>> In summary, it turns out that what seems like half the world's DKIM users are
>> using toy keys as short as 384 bits. This isn't just Joe's Pizza and
>> Panelbeating, it's a worldwide who's-who of big-site DKIM users all using weak
>> keys. Does anyone know why they all do this? Since it's so widespread, my
>> guess is that the organisations involved don't really care about it and are
>> just going through the motions, "we're doing this for form's sake and because
>> not doing so would look bad, not because we believe it adds anything
>> cryptography mailing list
>> cryptography at randombit.net
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography