On Wed, Oct 24, 2012 at 1:04 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> There has been a lot of press today about weak DKIM keys in production. For
> example:
>
> http://www.kb.cert.org/vuls/id/268267
> http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread
>
> libopendkim has, since its very earliest versions (and going back into its
> life as "libdkim"), it has included an accessor function that allows the
> caller to ask for the size of the key used to generate the signature. This
> means users of the library can already selectively ignore signatures
> generated with weak keys, without the need for a patch to the library. (You
> might not yet be using the accessor, but it is available to you.)
>
> The filter has not, however, made use of this other than for logging.
> Moreover, there's nothing preventing one from generating signatures with
> weak keys, other than documentation.
>
> As of 2.7.0, there will be a (configurable) minimum key size of 1024 both
> for signing and verifying; received signatures that don't meet the limit
> will not be able to pass, and giving the library a key that doesn't meet the
> minimum will result in an error.
Someone actually added this as a feature for me to add to the
Fedora/RHEL package in Bugzilla. So the next version of the package
based on 2.7.0 will default to the 1024 keysize.
SJ
Received on Thu Oct 25 2012 - 20:59:12 PST