Re: Bug#543150: ITP: pdkim -- cryptographically identify the sender of email
On 2009-08-23 Magnus Holmgren <email@example.com> wrote:
> On lördagen den 22 augusti 2009, Aaron M. Ucko wrote:
>> Magnus Holmgren <firstname.lastname@example.org> writes:
>>> * Self-contained, no dependencies (except libc), thanks to code
>>> included from the PolarSSL project.
>> From a Debian perspective, that's a policy violation, not a feature!
>> Please arrange for it to use an external PolarSSL installation.
> I know and agree and will talk to Tom about this. PolarSSL currently only
> provides a static library however, which is also not good.
I am somehow also not happy with a situation where any given exim
installation would end up linked dynamically (indirectly) against at least
two full-blown SSL libraries (OpenSSL or GnuTLS for STARTTLS, polarssl
On a side note, is the cause for this ITP just exim or is there general
interest in this library?
> AFAICT pdkim "borrows" the code needed to implement DKIM (i.e. RSA, SHA-1
Afaiui this "gnulib style" usage of polarssl by picking a handful of
files is supported upstream.
| All symmetric and hashing algorithms are not coupled to any other file
| and can thus be easily integrated into existing projects.
> but I haven't checked whether Tom has made any modifications to it.
pdkim.(c|h) is new code, all the rest is basically unmodified from
polarssl (stripped out selftest, disabled #include "polarssl/config.h"
+ check for #if defined(POLARSSL_....)), except for rsa.(h|c).
The latter contains the two newly written functions
rsa_parse_public_key and rsa_parse_key which require asn1_get_tag and
asn1_get_mpi. Sadly these asn_... functions are not (yet?) part of
polarssl's public API (they are part of x509parse.c), which is why
Tom has copied their source code into rsa.(h|c).
I agree that all this should at least be separated clearly (like
gnulib/) in the pdkim distributions, be it just for easy updates.
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'