[enhancement]: Ignore DKIM signatures made with <1024-bit RSA keys #1068

@TaaviE

Which feature or improvement would you like to request?

I'd like to see Stalwart ignore RSA DKIM keys that are shorter than 1024 bits in length due to the relative insecurity of keys shorter than that.

It is quite well known that, for example, 512-bit keys are utterly broken by now. It would also make sense to ignore keys shorter than currently publicly known factored ones, so <=~900-bit keys. (The current largest completed RSA Factoring Challenge was 829 bits long.) As 900 is a relatively weird number, it would make sense to raise the limit to a number currently (barely) accepted, so 1024 bits.

I tried to quickly skim the source code to see if there are checks against that currently, but I couldn't find anything concrete.

I will also mention that NIST wants to forbid <2048-bit RSA keys by 2030, and RSA altogether by 2035. So it might make sense to also warn about 1024-bit keys when they're seen.
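A sketch of the requested check, added here as an example and not taken from the issue or from Stalwart's code base (which is written in Rust): it reads the RSA modulus length out of a DKIM key record and applies the 1024-bit ignore threshold and the 2048-bit warning threshold mentioned above. The function names and result strings are hypothetical, the `p=` value is assumed to be a DER SubjectPublicKeyInfo, and the sample records are constructed with placeholder moduli rather than real keys.

```python
import base64

MIN_BITS, WARN_BITS = 1024, 2048  # ignore below 1024, warn below 2048 (per the issue)

def _tlv(buf, pos, tag):  # read one DER TLV; return (value_start, value_end)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the modulus in a DER SubjectPublicKeyInfo (assumed encoding)."""
    s, _ = _tlv(spki, 0, 0x30)      # SubjectPublicKeyInfo SEQUENCE
    _, e = _tlv(spki, s, 0x30)      # AlgorithmIdentifier (skipped)
    s, _ = _tlv(spki, e, 0x03)      # BIT STRING wrapping RSAPublicKey
    s, _ = _tlv(spki, s + 1, 0x30)  # +1 skips the unused-bits byte
    s, e = _tlv(spki, s, 0x02)      # modulus INTEGER
    return int.from_bytes(spki[s:e], "big").bit_length()

def classify(txt):
    """Return 'ignore', 'warn' or 'accept' for an RSA DKIM key record."""
    tags = {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    if tags.get("k", "rsa") != "rsa":
        return "n/a"  # other key types are out of scope for this check
    try:
        bits = rsa_modulus_bits(base64.b64decode("".join(tags.get("p", "").split())))
    except ValueError:  # bad base64, bad DER or empty p=: no usable key
        return "ignore"
    return "ignore" if bits < MIN_BITS else "warn" if bits < WARN_BITS else "accept"

def _der(tag, body):  # minimal DER encoder, only used to build the samples
    size = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):  # constructed record; modulus is a placeholder, not a real key
    n = (1 << (bits - 1)) | 1
    rsa = _der(0x30, _der(2, n.to_bytes(bits // 8 + 1, "big")) + _der(2, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption + NULL
    spki = _der(0x30, alg + _der(3, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    print({b: classify(sample_record(b)) for b in (512, 829, 1024, 2048)})
```

The check measures the modulus itself, not the length of the base64 text, so a record padded with extra DER or whitespace cannot pass as a longer key.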
