Bug #107
Billing e-mails are DKIM signed with a weak key
| Status: | Closed | Start: | 2013-09-05 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Votes: | 0 |
Description
Billing e-mails are DKIM signed with a weak (too small) key. See
http://www.kb.cert.org/vuls/id/268267Gmail treats e-mails signed with less than 1024-bit keys as unsigned:
https://support.google.com/mail/answer/180707?hl=enand so does OpenDKIM, by default (from version 2.6.8):
Authentication-Results: foo.example.net; dkim=permerror
reason="verification error: signing key too small; insecure key"
header.d=bitfolk.com header.i=@bitfolk.com header.b=T5zEhgDB;
dkim-adsp=none (insecure policy); dkim-atps=neutral
History
Updated by admin over 11 years ago
I think I've fixed this now. Can you have a look, when you get your next email from bitfolk.com?
Thanks for bringing this to my attention!
Updated by vinaigre over 11 years ago
The last e-mail was DKIM signed with a 2048-bit key, and passed verification by OpenDKIM.
Updated by admin over 11 years ago
- Status changed from New to Closed