[..]
While ideally the user should be allowed to choose, if it is going to
be hardcoded, at least the hardcoded value should be SHA-256 rather
than SHA-1. The supplied patch addresses this, and I would appreciate
if it could be applied.
Actually, looking a bit more closely at the code, it
Package: libmail-dkim-perl
Version: 0.54-1
Severity: normal
Dear Maintainer,
This package ships with /usr/bin/dkimproxy-sign, from dkim-proxy, which is
hardcoded to use rsa-sha1 for signing.
Beyond being generally weak, SHA-1 is now explicitly banned for DKIM use by RFC
8301:
"Due to the