Hello,
> > I've managed to add the sha1 algorithm as implemented in the OpenSSL
> > library to my dbmail, along with the '{sha1:}' and '{sha1}' password
> > prefixes in dbmail-adduser for mode "a". (I don't have SHA support in
> > mode "c" as of yet). I /was/ going to try to make it all clean and
> > nice and offer it as a full patch set, but I've been having problems
> > finding my way through the generation of the top-level Makefile, so I
What do you need to do there? If just checking for the openssl library,
look at using AC_CHECK_LIB in acinclude.m4 (eg. look at the SIEVE stuff
in dbmail 2.x, it's pretty short and clean).
> > decided to see if:
> >
> > 1) Anyone else is even interested in this
Yes, it should get added at some point.
> I think this is a Good Thing. I've personally wanted MD5 as a password
> option because I don't trust crypt (DES), but SHA1 will do just fine by
> me. If you introduce it, I'll use it.
There is md5 hash and digest support in dbmail, if you were under the
belief that it was missing.
> The only question for me is exports; if you are in the US like me, it
> might be illegal to submit the patch to IC&S, them being in NL, due to
> our lovely military munitions export controls. I don't know whether SHA
> is export-safe or not. If not, you might just have to have the patch
> file on your website forever with a Big Fat Disclaimer forbidding
> "far-ners" from downloading it.
This shouldn't be a problem - restrictions are on exporting encryption
technology, ie. the encryption library itsself, not software that makes
use of it.
> > 3) It's worth doing in the 1.x tree at this point, or whether I should
> > be doing this work in 2.0?
>
>
> Why not both? Unless 2.0 is drastically different, it might not be much
> extra work. My hosting company will be on 1.2 until bugfixes,
> attractive new features (such as this), or an end-of-life prompt me to
> go to 2.0.
1.2.x is feature-frozen, so I'd guess it would not be accepted there.
The database layers are different between 1.2 and 2.x, so that part would
have to be different in both cases. I'd think just do 2.x.
As for increasing the password field length to 40 chars - it probably
won't be long till even more are needed. We might want to make that 64
right now.
I'm Cc:'ing this to the dbmail-dev list, this sort of discussion really
belongs there. Thanks for the work, and hang in there - I don't know of
any autoconf experts on the dev list, but there are a few folks who have
done enough with it to get what they needed done.
Jesse
--
Jesse Norell
[EMAIL PROTECTED] is not my email address;
change "administrator" to my first name.
--
