#153 "insecure key" message confusing

opendkim (95)


We've discussed this on the mailing list, but I couldn't find a bug for it. Most people (me included) seem to associate "insecure key" with the key not being adequate to be secure, not with the tranport of the key not being secured via DNSSEC. Perhaps the current "insecure key" comment could be "key retrieval not secure" and an key shorter than 1024 bits could be reported as "insecure key length" to make the distinction clear. In any case, please change the existing DNSSEC related comment as it's confusing people.


  • Murray S. Kucherawy

    • priority: 5 --> 6
  • Murray S. Kucherawy

    • assigned_to: nobody --> cm-msk
  • Murray S. Kucherawy

    Done on "develop" branch for 2.8.0.

  • A. Schulze

    A. Schulze - 2013-01-18

    my preference:
    add only information it key is too short -> "key too small"
    add only information if key is fetched via DNSSEC

  • Murray S. Kucherawy

    Fix for this bug included in new release.

  • Murray S. Kucherawy

    • status: open --> closed-fixed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks