Re: DKIM

From: Daniel Black <daniel.subs_at_internode.on.net>
Date: Thu, 12 Nov 2009 08:37:09 +1100

On Thursday 12 November 2009 01:40:00 Roman Gelfand wrote:
> Since we are using openssl with
> publicly available code, wouldn't this be a security hole?

People who exploit code can do so whether the code is publicly available or
not. They usually have the ability to disable code. Public code, however, is
more reviewable and able to be contributed to by non-code exploiters, and
therefore, theoretically at least, could have a higher security standing.

The openssl code that opendkim uses is hashing and RSA public signature
checking functions. This code has existed for a long time without
vulnerabilities.

The Debian packaging of openssl a few years ago did introduce a vulnerability
that resulted in a few weak DKIM keys existing; however, that's all fixed now.
Received on Wed Nov 11 2009 - 22:56:03 PST
