Closed Jaymon closed 8 years ago
Turns out, long keys might not have good support since there is a 512 byte dns TXT limit, I guess I should've done some research:
Since short RSA keys more easily succumb to off-line attacks, signers MUST use RSA keys of at least 1024 bits for long-lived keys. Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys.
I need to write some tests, but it looks like
hosts -t TXT
returns something different than dkim txt