In article <CABa8R6unyGs-A2Z=RVu95nzKkX8WHVP20t4DFodEBXF=4wc...@mail.gmail.com> you write:
>By the definition of SSL3 is legacy, that's been true for years.
>
>I don't know enough about the different cyphers to know if we
>still allow stuff that this change prohibits, though.

I haven't poked in detail, but they probably do.

>We do still allow administrators to create 1024 bit DKIM keys because
>when we tried to change it, a large number of admins and the web-based DNS
>admin consoles they used couldn't handle the larger keys. That was years
>ago, though, so I don't know what the current status of those consoles is.

That's a different problem. DNS TXT records are a sequence of strings
each of which can be up to 255 bytes, but a lot of provisioning
crudware only handles one string. A 1K key fits in a 255 byte string,
2K doesn't.

From what I've seen, DKIM signers and verifiers will be updated to handle
ECC keys before the crudware handles multiple strings.

R's,
John
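
The 255-byte string limit described in the message above, as an added example that is not part of the original post: it splits a DKIM TXT value into character-strings, encodes them as length-prefixed RDATA, and rejoins them the way a verifier does. The function names are hypothetical, the key material is constructed zero bytes, and 162 and 294 bytes are assumed as the usual DER sizes of 1024-bit and 2048-bit RSA public keys with exponent 65537.

```python
import base64

MAX_STRING = 255  # a TXT character-string carries a one-byte length prefix

def dkim_record(spki_der_len):
    """Constructed record: zero bytes stand in for a public key of this DER size."""
    p = base64.b64encode(bytes(spki_der_len)).decode("ascii")
    return "v=DKIM1; k=rsa; p=" + p

def split_txt(value):
    """Split a TXT value into character-strings of at most 255 bytes each."""
    raw = value.encode("ascii")
    return [raw[i:i + MAX_STRING] for i in range(0, len(raw), MAX_STRING)]

def to_wire(chunks):
    """Encode TXT RDATA as it appears on the wire: <length><bytes>, repeated."""
    out = bytearray()
    for chunk in chunks:
        if len(chunk) > MAX_STRING:
            raise ValueError("character-string longer than 255 bytes")
        out.append(len(chunk))
        out += chunk
    return bytes(out)

def from_wire(rdata):
    """Decode TXT RDATA back into its character-strings, rejecting truncation."""
    chunks, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated character-string")
        chunks.append(chunk)
        i += 1 + n
    return chunks

def to_zone_file(chunks):
    """Zone-file form; DKIM values contain no quotes or backslashes to escape."""
    return "( " + " ".join('"' + c.decode("ascii") + '"' for c in chunks) + " )"

def verifier_view(chunks):
    """A DKIM verifier joins the strings with nothing in between before parsing."""
    return b"".join(chunks).decode("ascii")

if __name__ == "__main__":
    for bits, der_len in ((1024, 162), (2048, 294)):  # assumed SPKI DER sizes
        chunks = split_txt(dkim_record(der_len))
        print(bits, [len(c) for c in chunks], to_zone_file(chunks)[:40] + "...")
```
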