Debian Bug report logs - #697583
opendkim: reports "insecure key" in all AR headers

Package: opendkim; Maintainer for opendkim is Mike Markley <mike@markley.org>; Source for opendkim is src:opendkim.

Reported by: Teodor <mteodor@gmail.com>

Date: Mon, 7 Jan 2013 09:24:02 UTC

Severity: normal

Found in version opendkim/2.6.8-3

Fixed in version opendkim/2.8.0~beta0-1

Done: Scott Kitterman <debian@kitterman.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, mteodor@gmail.com, Mike Markley <mike@markley.org>:
Bug#697583; Package opendkim. (Mon, 07 Jan 2013 09:24:04 GMT)

Acknowledgement sent to Teodor <mteodor@gmail.com>:
New Bug report received and forwarded. Copy sent to mteodor@gmail.com, Mike Markley <mike@markley.org>. (Mon, 07 Jan 2013 09:24:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Teodor <mteodor@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: opendkim: reports "insecure key" in all AR headers
Date: Mon, 07 Jan 2013 02:21:24 -0700
Package: opendkim
Version: 2.6.8-3
Severity: normal

Hi,

I've done multiple tests and both 1024 and 2048-bit keys are reported
"insecure key" in the Authentication-Results: header.

| Authentication-Results: smtp.DOMAIN; dkim=pass
|   reason="2048-bit key; insecure key"
|   header.d=gmail.com header.i=@gmail.com header.b=0jmPjoQc;
|   dkim-adsp=pass; dkim-atps=neutral

Cheers


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages opendkim depends on:
ii  adduser         3.113+nmu3
ii  libc6           2.13-37
ii  libdb5.1        5.1.29-5
ii  libldap-2.4-2   2.4.31-1
ii  liblua5.1-0     5.1.5-4
ii  libmilter1.0.1  8.14.4-2.1
ii  libopendkim7    2.6.8-3
ii  libssl1.0.0     1.0.1c-4
ii  libunbound2     1.4.17-2
ii  libvbr2         2.6.8-3
ii  lsb-base        4.1+Debian8

opendkim recommends no packages.

Versions of packages opendkim suggests:
ii  opendkim-tools  2.6.8-3

-- Configuration Files:
/etc/opendkim.conf changed:
Syslog			yes
SyslogSuccess		yes
UMask			002
Domain			mu******.com
KeyFile			/etc/mail/dkim_pa******.key
Selector		pa******
Canonicalization	relaxed/relaxed
SubDomains		yes
OversignHeaders		From
On-BadSignature		tempfail
On-DNSError		accept
Socket			inet:8891@[127.0.0.1]
MilterDebug		3


-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Mike Markley <mike@markley.org>:
Bug#697583; Package opendkim. (Tue, 08 Jan 2013 06:57:03 GMT)

Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Mike Markley <mike@markley.org>. (Tue, 08 Jan 2013 06:57:03 GMT)

Message #10 received at 697583@bugs.debian.org:

From: Scott Kitterman <debian@kitterman.com>
To: Teodor <mteodor@gmail.com>, 697583@bugs.debian.org
Subject: Re: opendkim: reports "insecure key" in all AR headers
Date: Tue, 08 Jan 2013 01:55:14 -0500

On Monday, January 07, 2013 02:21:24 AM you wrote:
> Package: opendkim
> Version: 2.6.8-3
> Severity: normal
> 
> Hi,
> 
> I've done multiple tests and both 1024 and 2048-bit keys are reported
> "insecure key" in the Authentication-Results: header.
> 
> | Authentication-Results: smtp.DOMAIN; dkim=pass
> | 
> |   reason="2048-bit key; insecure key"
> |   header.d=gmail.com header.i=@gmail.com header.b=0jmPjoQc;
> |   dkim-adsp=pass; dkim-atps=neutral

I've discussed this with upstream and they agree it's confusing.  Insecure in
this context is meant to refer to "not secured by DNSSEC", not anything to do
with the key itself.  I'm not sure what they'll change it to, but I think it
will get clarified.

Scott K
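
Added example, not part of the bug log or of opendkim's code: a small triage parser for the Authentication-Results value quoted in the report, which judges key strength from the stated bit size only and records "insecure key" as a DNSSEC status, as the reply above explains. The function names and the `min_bits` threshold are assumptions made for this illustration.

```python
import re

# Header value as posted in the report, folded lines joined
# (DOMAIN is the reporter's own redaction).
SAMPLE_AR = (
    'smtp.DOMAIN; dkim=pass reason="2048-bit key; insecure key" '
    'header.d=gmail.com header.i=@gmail.com header.b=0jmPjoQc; '
    'dkim-adsp=pass; dkim-atps=neutral'
)

def split_resinfo(value):
    """Split on ';' outside double quotes (the reason string contains one)."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]

def triage_dkim(value, min_bits=1024):
    """Summarise the dkim= result; min_bits is an assumed local policy
    threshold, not an opendkim setting."""
    for part in split_resinfo(value)[1:]:      # [0] is the authserv-id
        m = re.match(r'dkim=(\w+)', part)      # skips dkim-adsp / dkim-atps
        if not m:
            continue
        found = re.search(r'reason="([^"]*)"', part)
        reason = found.group(1) if found else ''
        size = re.search(r'(\d+)-bit key', reason)
        bits = int(size.group(1)) if size else None
        return {
            'result': m.group(1),
            'key_bits': bits,
            # Key strength comes from the reported size, nothing else.
            'weak_key': bits is not None and bits < min_bits,
            # Per the reply above: "insecure key" means the key record
            # was not secured by DNSSEC, not that the key is weak.
            'key_not_dnssec_secured': 'insecure key' in reason,
        }
    return None

if __name__ == '__main__':
    print(triage_dkim(SAMPLE_AR))
```
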



Marked as fixed in versions opendkim/2.8.0~beta0-1. Request was from Scott Kitterman <scott@kitterman.com> to control@bugs.debian.org. (Thu, 31 Jan 2013 06:03:05 GMT)

Reply sent to Scott Kitterman <debian@kitterman.com>:
You have taken responsibility. (Mon, 01 Apr 2013 17:42:17 GMT)

Notification sent to Teodor <mteodor@gmail.com>:
Bug acknowledged by developer. (Mon, 01 Apr 2013 17:42:17 GMT)

Message #17 received at 697583-done@bugs.debian.org:

From: Scott Kitterman <debian@kitterman.com>
To: 697583-done@bugs.debian.org
Subject: fixed in unstable
Date: Mon, 01 Apr 2013 13:39:24 -0400



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Jun 2013 09:12:48 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:23:04 2014; Machine Name: beach.debian.org
