PowerMTA Support Forum


Topic: Google Is Failing Your Perfectly Good DKIM Key (and Why That’s a Good Thing)

Port25-Admin1


http://blog.returnpath.com/blog/ken-takahashi/google-is-failing-your-perfectly-good-dkim-key-and-why-thats-a-good-thing

In short, Google will start failing DKIM if the key is less than 512 bits. Within a few weeks, they will fail keys of less than 1024 bits. They have taken this action in response to a Wired.com article regarding a security vulnerability (http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/).
Port25-Admin1
------------------
Try the following commands:
Quote
pmta show topdomains --errors
pmta show topqueues --errors
pmta --help

When PowerMTA won't start use:
Quote
pmtad --debug
When all else fails-->support@port25.com

aditoal


We're just in the process of providing a facility for our users to select their key strength so they can time their changes with their DNS updates.

The only question, as it's a real unknown, is the performance overhead in going from 768 to 1024 and 2048. Hopefully this is going to be minimal - any insights?

Port25-Admin1


Yes, PowerMTA supports keys larger than 1024. The impact is really just relative to the situation: it depends on message size, key size, speed and number of CPUs, and the amount of headroom in your CPUs.