Interesting: when I looked at the header of an email from Facebook, I found the DKIM signature as follows:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com;
s=s1024-2011-q2; t=1378874220;
bh=RZqavvVaT/9/C1fdtvELn/vrEJC9Q5C/X8tnCwdRrhs=;
h=Date:To:From:Subject:MIME-Version:Content-Type;
b=FXKVjd7kn/lF5PnDTngllmI72AJ+iuHIFLmoFhUJMGsN1NBbcLkSNctqB12hYBBUN
eJknvOHvvqRNEliiZATpKHORQoaR8EGGZNTdCVkbsMZj9xTW+pPH4HZgfH4yk3IzQz
O4gK1bnIXD7k5aI+ndToMPeoj676W6PO6Hr4hpnY=
The selector is named s1024-2011-q2. Well, I can understand that a 1024-bit key is used and that the key has been in service since Q2 of 2011. Facebook has not changed the key pair for over three years. It is a bad and unacceptable security practice!
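The selector name is only a hint; the key size can be measured from the public key published at `<selector>._domainkey.<domain>`. The following is an added example, not code from the original post: it derives that DNS name from the header above and reads the RSA modulus length out of the record's `p=` tag. The TXT record here is constructed in code (it is not Facebook's key), and the 2048-bit threshold follows the RFC 8301 recommendation for signers.

```python
import base64

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (DKIM-Signature value or key record)."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Return (content, next_pos) of the DER element starting at buf[pos]."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_key_bits(p_b64):
    """Modulus size in bits of the SubjectPublicKeyInfo carried in p=."""
    spki, _ = read_tlv(base64.b64decode(p_b64), 0)
    _, pos = read_tlv(spki, 0)           # skip AlgorithmIdentifier
    bitstr, _ = read_tlv(spki, pos)      # BIT STRING wrapping RSAPublicKey
    rsakey, _ = read_tlv(bitstr[1:], 0)  # [1:] skips the unused-bits byte
    modulus, _ = read_tlv(rsakey, 0)     # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def der(tag, body):
    """Minimal DER encoder, used only to build the constructed sample record."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def sample_key_record(bits):
    """Constructed TXT record: right-sized modulus, not a usable or real key."""
    n = (1 << (bits - 1)) | 1
    ints = der(0x02, n.to_bytes(bits // 8 + 1, "big")) + der(0x02, b"\x01\x00\x01")
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    spki = der(0x30, alg + der(0x03, b"\x00" + der(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def audit(header_value, txt_record):
    """Return (DNS name holding the key, measured bits, meets 2048-bit advice)."""
    sig = parse_tag_list(header_value)
    bits = rsa_key_bits(parse_tag_list(txt_record)["p"])
    return f"{sig['s']}._domainkey.{sig['d']}", bits, bits >= 2048

# Tags copied from the header in the post (h=, bh= and b= omitted).
HEADER = "v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com; s=s1024-2011-q2; t=1378874220"
```

In practice the second argument to `audit` is the TXT record returned by a DNS lookup of the name it reports.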