On Tue, Mar 04, 2008 at 01:31:10PM -0800, Murray S. Kucherawy <[EMAIL PROTECTED]> wrote:
> Ah, you're right. I suppose if I am to enforce the spec in software, the
> filter should force itself into sign-only mode if only SHA1 is available.
>
> Is this a good idea?

That strikes me as a little nannyish -- and not just because I'm still running against OpenSSL 0.9.7, since I'm still on Debian Sarge until I get a chance to upgrade and I want my package to continue working on other such installs for the time being. A warning at compile- and run-time is entirely reasonable. Refusing to verify is also reasonable, assuming the administrator has an option to override that. Creating such an option may well not be worth the (likely small) effort required, though, since the problem will only shrink.

--
Mike Markley <[EMAIL PROTECTED]>

You're dead, Jim.
- McCoy, "Amok Time", stardate 3372.7

_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
