Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opendkim: Create 2048 bit keys be default #369502

Open
ismell opened this issue Dec 30, 2024 · 0 comments
Open

opendkim: Create 2048 bit keys be default #369502

ismell opened this issue Dec 30, 2024 · 0 comments
Labels
0.kind: bug Something is broken

Comments

@ismell
Copy link

ismell commented Dec 30, 2024

The opendkim package will create a default key if one is not found:
https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/mail/opendkim.nix#L136

We should pass in the -b 2028 argument to generate more secure keys by default.

See https://sendgrid.com/en-us/blog/2048-bit-dkim-keys for the recommendation.

We could also make the key length configurable if we thought it was necessary.
@ismell ismell added the 0.kind: bug Something is broken label Dec 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: bug Something is broken
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ismell