At 13:31 04-03-2008, Murray S. Kucherawy wrote: >Ah, you're right. I suppose if I am to enforce the spec in software, the >filter should force itself into sign-only mode if only SHA1 is available. > >Is this a good idea?
As the RFC specifies that verifiers MUST support "rsa-sha256", it may be a good idea to test for that and fall back to sign-only mode with the appropriate warning. This requirement shouldn't be a problem as it is possible to install a separate OpenSSL version and compile against it if the operating system does not include OpenSSL version 0.9.8 or later. Regards, -sm ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
