From eb88e2651a67fdc8b616c0ae3d4963d49d4dcf13 Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien
Date: Mon, 13 Jan 2025 10:35:25 +0100
Subject: [PATCH] dkim: add reference to rfc that says not to accept rsa keys < 1024 bits

saw it mentioned on HN recently
---
 dkim/dkim.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dkim/dkim.go b/dkim/dkim.go
index d4f8705..d4ccf0e 100644
--- a/dkim/dkim.go
+++ b/dkim/dkim.go
@@ -548,7 +548,7 @@ func verifySignatureRecord(r *Record, sig *Sig, hash crypto.Hash, canonHeaderSim
 if r.PublicKey == nil {
 return StatusPermerror, ErrKeyRevoked
 } else if rsaKey, ok := r.PublicKey.(*rsa.PublicKey); ok && rsaKey.N.BitLen() < 1024 {
- // todo: find a reference that supports this.
+ // ../rfc/8301:157
 return StatusPermerror, ErrWeakKey
 }
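Review bot: The new comment on the `rsaKey.N.BitLen() < 1024` branch is a bare cross-reference, so a reader without the local RFC text cannot tell which requirement the check enforces. Stating the rule next to the pointer would fix that, e.g. `// Verifiers must not treat signatures made with RSA keys < 1024 bits as valid. ../rfc/8301:157`. It is also worth noting there that 1024 is the verification floor rather than a recommended size (RFC 8301 asks signers to use at least 2048 bits), so the constant is not later changed in either direction by mistake. verifySignatureRecord starts before and continues after the hunk, so other key-type or hash-algorithm checks may exist that are not visible here.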