Jaymon / stockton

Quickly set up an email server to forward a personal domain to any email address

8192 keys seem to have problems #27

Closed Jaymon closed 8 years ago

Jaymon commented 8 years ago

I need to write some tests, but it looks like hosts -t TXT returns something different than dkim txt

Jaymon commented 8 years ago

Turns out long keys might not have good support, since there is a 512-byte DNS TXT limit. I guess I should've done some research:

Since short RSA keys more easily succumb to off-line attacks, signers MUST use RSA keys of at least 1024 bits for long-lived keys. Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits, and they MAY be able to validate signatures with larger keys.
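To put numbers on the size problem discussed in this issue, the following added example (not code from the stockton project) builds a DKIM TXT record for several RSA key sizes and measures its DNS RDATA length. It assumes the 512-byte figure refers to the classic DNS message size over UDP without EDNS0, and it uses a constructed placeholder modulus (all 0xFF bytes) that has the right length but is not a usable key.

```python
import base64

UDP_LIMIT = 512       # assumed limit: classic DNS message size over UDP, no EDNS0
TXT_STRING_MAX = 255  # each TXT character-string has a 1-byte length prefix

def der(tag, content):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def placeholder_spki(bits):
    """SubjectPublicKeyInfo shaped like an RSA public key of `bits` bits.
    The modulus is constructed filler, so only the encoded size is meaningful."""
    modulus = der(0x02, b"\x00" + b"\xff" * (bits // 8))
    exponent = der(0x02, (65537).to_bytes(3, "big"))
    rsa_key = der(0x30, modulus + exponent)
    rsa_oid = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
    alg = der(0x30, der(0x06, rsa_oid) + der(0x05, b""))
    return der(0x30, alg + der(0x03, b"\x00" + rsa_key))

def dkim_txt_strings(bits):
    """Split the DKIM record into the <=255-byte strings a TXT RR requires."""
    p = base64.b64encode(placeholder_spki(bits)).decode()
    record = "v=DKIM1; k=rsa; p=" + p
    return [record[i:i + TXT_STRING_MAX]
            for i in range(0, len(record), TXT_STRING_MAX)]

def txt_rdata_len(bits):
    """RDATA bytes: every string plus its length octet."""
    return sum(1 + len(s) for s in dkim_txt_strings(bits))

def rdata_exceeds_udp_limit(bits):
    """True when the RDATA alone is already larger than the UDP limit."""
    return txt_rdata_len(bits) > UDP_LIMIT

if __name__ == "__main__":
    for bits in (1024, 2048, 4096, 8192):
        print(bits, len(dkim_txt_strings(bits)), "strings,",
              txt_rdata_len(bits), "bytes RDATA,",
              "over limit" if rdata_exceeds_udp_limit(bits) else "fits")
```

The RDATA length is only a lower bound on the response size, since the DNS header, question and record header are sent as well.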