https://bugs.exim.org/show_bug.cgi?id=2186
Bug ID: 2186
Summary: DKIM: restrict permissible algo & keysize for verification
Product: Exim
Version: 4.88
Hardware: All
OS: All
Status: NEW
Severity: wishlist
Priority: medium
Component: DKIM
Assignee: tom@???
Reporter: jgh146exb@???
CC: exim-dev@???
There's an IETF draft under discussion which updates the DKIM standards to
disallow rsa_sha1 and key-sizes under 1024 bits.
draft-ietf-dcrup-dkim-usage-04.

We should provide means, probably in the dkim acl, to say that a verification
failed for local policy reasons. At present the only DKIM-related actions
are logging and the possible (via result of the dkim acl) rejection of the
mail.

We need a way of forcing failure of the verify. This would be more flexible
than separate options for specifying allowable algorithms and allowable key
sizes. We might also consider a logging option to replace the current
separate-and-verbose verify log line with a single tag in the <= line.
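
The local-policy check the report asks for, sketched as an added Python example (not code from Exim or from the report): it rejects rsa-sha1 and RSA keys under 1024 bits for a signature that has already verified. The function names and the sample header are constructed for illustration, and the p= tag is assumed to hold a base64 DER SubjectPublicKeyInfo.

```python
import base64

MIN_RSA_BITS = 1024          # floor named in the report
BANNED_ALGOS = {"rsa-sha1"}  # a= tag spelling of the report's "rsa_sha1"
# Constructed sample, cut down to the tags the policy reads.
SAMPLE_SHA1_SIG = "v=1; a=rsa-sha1; d=example.org; s=sel"

def parse_tags(value):
    """Split a DKIM tag=value list (signature header or key record) into a dict."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_key_bits(p_b64):
    """Modulus size in bits of the SubjectPublicKeyInfo held in a p= tag."""
    der = base64.b64decode(p_b64)
    _, pos, _ = read_tlv(der, 0)        # outer SEQUENCE
    _, _, pos = read_tlv(der, pos)      # AlgorithmIdentifier, skipped
    _, pos, _ = read_tlv(der, pos)      # BIT STRING wrapping the key
    _, pos, _ = read_tlv(der, pos + 1)  # RSAPublicKey SEQUENCE, after unused-bits byte
    tag, start, end = read_tlv(der, pos)
    if tag != 0x02:                     # first member must be the INTEGER modulus
        raise ValueError("modulus not found")
    return int.from_bytes(der[start:end], "big").bit_length()

def local_policy(sig_header, key_record):
    """Local-policy verdict for a signature that already verified cryptographically."""
    algo = parse_tags(sig_header).get("a", "")
    if algo in BANNED_ALGOS:
        return False, "algorithm %s not allowed" % algo
    if algo.startswith("rsa-"):
        try:
            size = rsa_key_bits(parse_tags(key_record).get("p", ""))
        except (ValueError, IndexError):
            return False, "unparseable public key"
        if size < MIN_RSA_BITS:
            return False, "key size %d below %d" % (size, MIN_RSA_BITS)
    return True, "ok"
```

Pass local_policy the DKIM-Signature header value and the selector's TXT key record; a False verdict is the "failed for local policy reasons" outcome, with the reason string short enough for a single log tag.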