Unfortunately MAY is not MUST. When it comes to RFCs, it's all too common that p... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Twirrim 7 months ago \| parent \| context \| favorite \| on: Cracking a 512-bit DKIM key for less than $8 in th... Unfortunately MAY is not MUST. When it comes to RFCs, it's all too common that people won't implement MAYs, and you should operate expecting that. I wouldn't trust any key over 2048 bits to work.

maxed 7 months ago [–]

Sorry, I somehow made a typo in the quoted text, the RFC says

  Verifiers MUST be able to validate signatures with keys ranging from 1024 bits to 4096* bits

So mail providers MUST support up to 4096 bits if they follow the latest RFC.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact