[exim-dev] [Bug 2186] New: DKIM: restrict permissible algo &…

Pàgina inicial
Delete this message
Reply to this message
Autor: admin
Data:  
A: exim-dev
Assumpte: [exim-dev] [Bug 2186] New: DKIM: restrict permissible algo & keysize for verification
https://bugs.exim.org/show_bug.cgi?id=2186

            Bug ID: 2186
           Summary: DKIM: restrict permissible algo & keysize for
                    verification
           Product: Exim
           Version: 4.88
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


There's an IETF draft under discussion which updates the DKIM standards to
disallow rsa_sha1 and key-sizes under 1024 bits.
draft-ietf-dcrup-dkim-usage-04.

We should provide means, probably in the dkim acl, to say that a verification
failed for local policy reasons. At present the only DKIM-related actions
are logging and the possible (via result of the dkim acl) rejection of the
mail.

We need a way of forcing failure of the verify. This would be more flexible
than separate options for specifying allowable algorithms and allowable key
sizes. We might also consider a logging option to replace the current
separate-and-verbose verify log line with a single tag in the <= line.

--
You are receiving this mail because:
You are on the CC list for the bug.