Re: verification error: empty key record; insecure key

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Fri, 17 Aug 2012 14:16:47 -0400

On Friday, August 17, 2012 10:47:00 AM SM wrote:
> At 10:33 17-08-2012, Benny Pedersen wrote:
> >Message-ID: <1367995.li6hrOxpKc_at_scott-latitude-e6320>
>
> message has signatures from ietf.org, kitterman.com
>
> dkim=pass\n\treason="1024-bit key; insecure key"
> header.i=_at_ietf.org\n\theader.b=TopKedBY; dkim-adsp=none (insecure policy)
>
> s=ietf1 d=ietf.org SSL error:04091068:rsa
> routines:INT_RSA_VERIFY:bad signature
>
> That last entry should be for the prior DKIM signature which was
> invalidated as it passed through the mailing list, I
> presume. Anyway, there is something odd in the above.

The original mail was signed with opendkim and should, based on all my tests,
have been properly signed. Most IETF lists munge mail in some way, so I'm not
at all suprised the kitterman.com signature failed to verify.

I'm cc'ing you on this mail so you'll have a direct mail from me to use for
comparison.

Scott K
Received on Fri Aug 17 2012 - 18:17:01 PST