Re: possible bug in Mail::DKIM when keysize is under 1024 bits

From: Kevin A. McGrail <KMcGrail_at_PCCC.com>
Date: Tue, 20 Jan 2015 06:58:06 -0500

On 1/19/2015 3:09 PM, SM wrote:
> At 09:45 11-01-2015, Benny Pedersen wrote:
>> bug created, https://sourceforge.net/p/opendkim/bugs/215/
>
> Please see https://www.kb.cert.org/vuls/id/268267

The statement that: "The standard does not require Verifiers to reject
signatures made by keys with fewer than 1024 bits, however Verifiers may
distinguish between e.g. signatures made with 512-bit keys or 1024 bit
keys." leads me to believe that it is better the job of the DKIM test to
verify if the signature matches and then the job of SA to implement
whether we want to penalize weak signatures.

If someone can come up with a rule/code needed to identify the bit
length of the signing key in SA, we can then document it for
consideration for scoring.

regards,
KAM
Received on Tue Jan 20 2015 - 11:58:33 PST
