Which feature or improvement would you like to request?
I'd like to see Stalwart ignore RSA DKIM keys that are shorter than 1024 bits in length due to the relative insecurity of keys shorter than that.
It is quite known that for example 512-bit keys are utterly broken by now. It would also make sense to ignore keys shorter than currently publicly known factored ones, so <=~900-bit keys. (The current largest completed RSA Factoring Challenge was 829 bits long.) As 900 is a relatively weird number it would make sense to raise the limit to a number currently (barely) accepted, so 1024 bits.
I tried to quickly skim the source code to see if there are checks against that currently, but I couldn't find anything concrete.
I will also mention that NIST wants to forbid <2048-bit RSA keys by 2030, and RSA altogether by 2035. So it might make sense to also warn about 1024-bit keys when they're seen.
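An added example (not Stalwart's code) of the check described in this request: parse a DKIM TXT record, read the RSA modulus length out of the `p=` public key, and apply the thresholds from the request (reject below 1024 bits, warn from 1024 up to 2048). The DER reader is hand-rolled so it runs on the standard library alone, and the sample records are constructed from synthetic moduli of a chosen bit length, not real keys.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def rsa_spki(n, e=65537):
    """Constructed SubjectPublicKeyInfo for modulus n (sample input only; n need not be a real RSA modulus)."""
    def integer(v):  # leading 0x00 keeps the INTEGER positive
        return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    rsa_pub = _der(0x30, integer(n) + integer(e))
    return _der(0x30, _der(0x30, RSA_OID + b"\x05\x00") + _der(0x03, b"\x00" + rsa_pub))

def _read_tlv(buf, pos):
    """Minimal DER reader: returns (tag, body, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    _, body, _ = _read_tlv(spki, 0)        # SubjectPublicKeyInfo
    _, alg, pos = _read_tlv(body, 0)       # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    _, bitstr, _ = _read_tlv(body, pos)    # BIT STRING wrapping RSAPublicKey
    _, rsa_pub, _ = _read_tlv(bitstr, 1)   # skip the unused-bits byte
    _, n_bytes, _ = _read_tlv(rsa_pub, 0)  # modulus INTEGER
    return int.from_bytes(n_bytes, "big").bit_length()

def classify_dkim_record(txt, reject_below=1024, warn_below=2048):
    """Policy from the request: reject RSA keys under 1024 bits, warn on 1024..2047, accept the rest."""
    tags = {k.strip(): v.strip() for k, v in (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    if tags.get("k", "rsa") != "rsa":
        return "not-rsa"  # e.g. ed25519 keys are outside this policy
    p = "".join(tags.get("p", "").split())  # folding whitespace is allowed inside p=
    if not p:
        return "revoked"  # RFC 6376: an empty p= means the key is revoked
    bits = rsa_modulus_bits(base64.b64decode(p))
    if bits < reject_below:
        return "reject"
    return "warn" if bits < warn_below else "ok"

def sample_record(bits):
    """Constructed DKIM TXT record whose modulus is exactly `bits` bits long."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki((1 << (bits - 1)) | 1)).decode()
```

For a verifier the "reject" outcome should be treated like a missing key (no valid signature, `dkim=permerror` or `fail`), while "warn" is a logging concern only.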