Package: libdkim
Version: 1:1.0.21-3
Severity: important
Tags: upstream

The IETF recently published updated guidance on minimum RSA key sizes for use with DKIM[1]. I decided to check in Debian to see what packages might need to be updated as a result. I've looked and I can't find where libdkim checks the key size at all. This is a security concern since it allows trivially factorable keys to produce apparently valid signatures (just last year I ran into a consulting client with a 384-bit key who was surprised his DKIM wasn't working very well anymore).

Given this looks pretty dead upstream and only has one user, I'm not sure what the best approach to resolve this is, but I do think it's concerning.

Scott K

[1] https://tools.ietf.org/html/rfc8301
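The check the report says is missing, written as an added example (not libdkim code and not from the reporter): it pulls the p= value out of a DKIM TXT record, walks the DER SubjectPublicKeyInfo to the RSA modulus, and applies the RFC 8301 verifier rule that keys below 1024 bits must be rejected. `make_dkim_record` is a constructed test helper that builds a record around a synthetic modulus of a chosen size; only the size matters for this check.

```python
import base64
import re

RFC8301_MIN_BITS = 1024  # RFC 8301: verifiers MUST NOT accept keys shorter than this


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def dkim_rsa_modulus_bits(txt_record):
    """Return the RSA modulus size in bits of the p= key in a DKIM TXT record."""
    m = re.search(r"(?:^|;)\s*p=([A-Za-z0-9+/=\s]*)", txt_record)
    if not m or not m.group(1).strip():
        raise ValueError("no public key in record (revoked or malformed)")
    spki = base64.b64decode(re.sub(r"\s+", "", m.group(1)))
    tag, body, _ = _read_tlv(spki, 0)          # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = _read_tlv(body, 0)             # skip AlgorithmIdentifier
    tag, bitstr, _ = _read_tlv(body, pos)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("unexpected DER layout in p= value")
    _, rsa, _ = _read_tlv(bitstr[1:], 0)       # drop unused-bits byte; RSAPublicKey SEQUENCE
    tag, modulus, _ = _read_tlv(rsa, 0)        # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(modulus, "big").bit_length()


def key_size_acceptable(bits):
    """RFC 8301 verifier policy: reject anything below 1024 bits."""
    return bits >= RFC8301_MIN_BITS


def _der(tag, body):
    n = len(body)
    lb = bytes([n]) if n < 0x80 else (lambda b: bytes([0x80 | len(b)]) + b)(n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + lb + body


def make_dkim_record(bits):
    """Constructed test record: synthetic modulus (not a real key) of exactly `bits` bits."""
    n = (1 << (bits - 1)) | 1
    rsa = _der(0x30, _der(0x02, b"\x00" + n.to_bytes(bits // 8, "big")) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()
```

Running it against a constructed 384-bit record, like the one in the anecdote above, yields a rejection, while 1024- and 2048-bit records pass.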