From: Murray S. K. <ms...@se...> - 2008-01-31 00:31:27
|
On Wed, 30 Jan 2008, Mark Martinec wrote: > I still have the keys of different sizes: 1800, 1824, 1872 and 2048 > bits. Attached is a test file, signed with all of them. All four > signatures should be valid. Well, there's good news and there's bad news. The good news is that the patch works. Although the "tc" bit comes back set on large keys, the modified libdkim can tell that the reply was sufficient to complete the verification. _FFR_DNS_UPGRADE is thus not really necessary and will probably be removed for 2.5.0. The bad news is that testing your multiply-signed message revealed a bug in libdkim's handling of multiply-signed messages. I'm working on untangling that next; I already know what the problem is, so now I just have to plan my attack and execute. Thanks, Mark. That's a great test message for this work. -MSK |