OpenDKIM icon indicating copy to clipboard operation
OpenDKIM copied to clipboard

Published 20 hours ago verified publisher icon trusteddomainproject

force sha256 as sha1 is deprecated anyway

Open andreasschulze opened this issue 5 years ago • 6 comments

replaces PR #77

andreasschulze avatar Jun 21 '20 12:06 andreasschulze

There are other supported hashalgs than sha256. Although SHA1 is deprecated, forcing SHA256 will cause issues for some builds and distributions. I feel that this should be configurable. Passing this onto Murray for review.

martinbogo avatar Aug 21 '20 14:08 martinbogo

@martinbogo I wonder, which "other supported hashalgs" you've in mind. I checked the IANA registry that list only sha1 (historic) and sha256 (active)

But it may be possible, other hashalgs are in the "ietf-pipeline" ...

andreasschulze avatar Oct 11 '20 10:10 andreasschulze

@martinbogo I wonder, which "other supported hashalgs" you've in mind. I checked the IANA registry that list only sha1 (historic) and sha256 (active)

RFC 8463 (which indeed updates RFC6376 you mentioned) specifies ed25519 and at least dkimpy-milter appears to support it.

ckujau avatar Oct 16 '20 14:10 ckujau

Forcing SHA256 is not our responsibility. Configuring security by breaking configurations on upgrade is not the way the TDP does things. If the crypto libraries remove SHA1 then we will remove it from TDP. In the meantime, if you want to emit a "stern warning" into the debug output at the "error/warning" level that's about all I'll consider at the moment.

martinbogo avatar Oct 16 '20 14:10 martinbogo

There may be old installations running an old enough OpenSSL library that all they have is SHA1. This PR won't break the filter or the library but it will make "opendkim-genzone" unable to produce something workable for that use case. If the goal is to nudge people toward upgrading, this feels like a weak gesture. I concur with the advice about showing warnings in the face of SHA1 use, except when that's the only algorithm available in which case the warning wouldn't be helpful.

mskucherawy avatar Oct 29 '20 03:10 mskucherawy

I learned this change would create an incomatible change. We like to avoid breaking changes. OK.

@mskucherawy I've no detailed idea how to determine "SHA1 use, except when that's the only algorithm" which I reword to "SHA1 use if better algorithms are available"?

"h=sha256" in the public keys DNS record is like a policy advise to a validator. It does not require the signer to use "SignatureAlgorithm rsa-sha256" in opendkim.conf. I currently dont see the correlation !? Hints welcome :-)

andreasschulze avatar Oct 30 '20 18:10 andreasschulze