Hi Michael,

Thanks for writing about this. I suspect many are under the impression that passing messages through mail lists tended to break DomainKeys and DKIM (I know I was one, at least back when I was experimenting a lot with it). In fact, it always seemed to break on my Mailman lists, leaving what seemed to be a misleading result. It seemed that mail lists would need to "re-sign" messages as the new sender for it to work right, and did that not require the old key to be removed? Maybe things have changed recently, or maybe at least I misunderstood some aspects of it.

If, in fact, there is a way for the two to play well together, I think that would be great! It would remove one of the big "downsides" of using DK/DKIM. Since Mailman is one of the (if not *the* most) popular mail list systems, perhaps you can help Mailman developers to make the two things better integrated. I would think/hope there would be a way to increase the handling/interaction to allow for 100% reliable flow-through of keys. That would really help DKIM's cause, I think, since so many people use mailing lists. Is this not theoretically possible if both Mailman and DKIM obey an understood set of rules?

I believe that a solid way to "fix" this is a lot better than a stochastic one. As for body length, would that not have to be a "guess"? I mean, short messages would fail due to the footer, and long ones would not get full checking (after the set length), right? If so, that sounds like a less than optimal solution.

I, for one, would love to see the email "accountability" problem solved. With spam becoming the one thing that could ruin the Internet, we need all the help we can get. I used DKIM for a while on my own server, but because of Mailman gotchas, etc. (and maybe these were more a problem of perception on my part), it seemed too easy to break. Also, with anything short of near global acceptance, it really seems like a tough battle, especially when so many are adopting things like SPF, which I never liked at all. Certainly, resolving the mailing list issue would be a huge step in the right direction, so consider me an enthusiastic supporter of your efforts.

-Joe

Michael Thomas wrote:
> Hi all,
>
> I'm one of the authors of the DKIM protocol and it recently came to
> my attention that you've recently changed mailman to remove DK and
> DKIM signature headers when you remail the message.
> This is incorrect behavior:
>
> in Section 4:
>
>     Signers SHOULD NOT remove any DKIM-Signature header fields from
>     messages they are signing, even if they know that the signatures
>     cannot be verified.
>
> This actually applies to everybody. There are several reasons for this.
> First is that DKIM allows you to specify the length of a body so it is
> not the case a priori that mailman will destroy the signature. Second,
> other heuristics can be applied to make mailing list traversal even
> better such as using the z= tag to determine whether trivial subject
> modifications have been made. Third and probably most important is that
> removing the signature is actually harmful rather than helpful: a broken
> signature and a missing signature MUST be treated as equivalent to no
> signature at all (lest an attacker just add a fake DKIM-signature header
> to get preferential treatment), and as above the verifier loses the
> ability to recover the signature.
>
> Just as an FYI, we have deployed DKIM across all of Cisco and our
> successful mailing list traversal rate is about 99% -- a large percentage
> of which are through mailman lists. By making this change, you've taken
> the verify rate from 99% to 0% in one swell foop. Not good.
>
> Mike
>
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/joe%40skyrush.com
>
> Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
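
The body-length point raised in both messages, as an added example that is not part of the original thread and is not Mailman or DKIM project code: it computes a DKIM body hash with and without the `l=` tag, then shows what a list footer does to each and which bytes end up outside the signature. It assumes "simple" body canonicalization and SHA-256, models only the body hash (not the header signature), and the message, footer and function names are constructed for illustration.

```python
import base64
import hashlib
from typing import Optional

# Constructed sample data, not taken from the thread.
ORIGINAL = b"Hi all,\r\n\r\nDKIM test message.\r\n"
FOOTER = (b"_______________________________________________\r\n"
          b"Example-List mailing list\r\n")


def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: ignore trailing empty lines
    and make sure the body ends with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes, length: Optional[int] = None) -> str:
    """Value a verifier compares with bh=; `length` is the signer's l= tag."""
    canon = canon_body_simple(body)
    if length is not None:
        if length > len(canon):
            raise ValueError("l= exceeds the received body; verification fails")
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def unsigned_tail(body: bytes, length: int) -> bytes:
    """Bytes past l=: present in the message but covered by no signature."""
    return canon_body_simple(body)[length:]


def relay_through_list(body: bytes) -> bytes:
    """Hypothetical stand-in for a list that appends a footer."""
    return body + FOOTER


if __name__ == "__main__":
    l_tag = len(canon_body_simple(ORIGINAL))   # what the signer puts in l=
    bh = body_hash(ORIGINAL, l_tag)            # what the signer puts in bh=
    relayed = relay_through_list(ORIGINAL)
    print("whole-body hash still matches:", body_hash(relayed) == body_hash(ORIGINAL))
    print("l=%d hash still matches:" % l_tag, body_hash(relayed, l_tag) == bh)
    print("bytes outside the signature:", unsigned_tail(relayed, l_tag))
```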