dkim: add reference to rfc that says not to accept rsa keys < 1024 bits

saw it mentioned on HN recently
2025-06-28 01:48:15 +03:00 · 2025-01-13 10:35:25 +01:00 · 2025-01-13 10:35:25 +01:00 · eb88e2651a
commit eb88e2651a
parent e5eaf4d46f
1 changed files with 1 additions and 1 deletions
--- a/dkim/dkim.go
+++ b/dkim/dkim.go
@ -548,7 +548,7 @@ func verifySignatureRecord(r *Record, sig *Sig, hash crypto.Hash, canonHeaderSim
 	if r.PublicKey == nil {
 		return StatusPermerror, ErrKeyRevoked
 	} else if rsaKey, ok := r.PublicKey.(*rsa.PublicKey); ok && rsaKey.N.BitLen() < 1024 {
-		// todo: find a reference that supports this.
+		// ../rfc/8301:157
 		return StatusPermerror, ErrWeakKey
 	}