Bug#961472: libmail-dkim-perl: dkimproxy-sign breaks RFC with hardcoded deprecated signing algo
Christer Mjellem Strand
dilldall at bjork.org
Sun May 24 23:03:39 BST 2020
[..]
> While ideally the user should be allowed to choose, if it is going to
> be hardcoded, at least the hardcoded value should be SHA-256 rather
> than SHA-1. The supplied patch addresses this, and I would appreciate
> if it could be applied.

Actually, looking a bit more closely at the code, it turns out the user
*is* allowed to choose, by applying the --algorithm argument. This,
however, appears entirely undocumented, as there's no mention of it in
either the man page or dkimproxy-sign --help. I suppose that's
worthy of another report, as there are apparently a slew of
undocumented arguments:

    my $type = "dkim";
    my $selector = "selector1";
    my $algorithm = "rsa-sha1";
    my $method = "simple";
    my $domain; # undef => auto-select domain
    my $expiration;
    my $identity;
    my $key_file = "private.key";
    my $key_protocol;
    my @extra_tag;
    my $debug_canonicalization;
    my $binary;
    my $help;

I still think the patch should be applied, though (even with its
mis-spelled name..), as it at least updates the default to a sane and
RFC-conformant level.

Cheers
--
Christer Mjellem Strand
System Administrator
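
One way to check whether mail is still being signed with the deprecated default discussed above, as an added example that is not part of the original message or of Mail::DKIM: it parses the DKIM-Signature headers of a message and flags any whose a= tag is rsa-sha1. The sample message, its domain, selectors and hash values are constructed for illustration.

```python
import email
from email import policy

# Constructed sample (not from the bug report): one rsa-sha1 signature folded
# across two lines, followed by one rsa-sha256 signature.
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=example.org; s=selector1;
\th=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
\ts=selector2; h=from:to:subject; bh=CCCC; b=DDDD
From: a@example.org
To: b@example.net
Subject: test

body
"""

DEPRECATED = {"rsa-sha1"}


def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for item in str(value).split(";"):
        name, sep, val = item.partition("=")
        if not sep:
            continue  # empty trailing item or malformed tag
        # Header folding may leave whitespace around and inside values;
        # it is removed here, which is sufficient for an algorithm audit.
        tags[name.strip()] = "".join(val.split())
    return tags


def audit(raw):
    """Return (domain, selector, algorithm, is_deprecated) per signature."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    findings = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        algo = tags.get("a", "").lower()
        findings.append((tags.get("d"), tags.get("s"), algo, algo in DEPRECATED))
    return findings


if __name__ == "__main__":
    for domain, selector, algo, bad in audit(SAMPLE):
        print(f"{'DEPRECATED' if bad else 'ok':10} a={algo} d={domain} s={selector}")
```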