On 01/16/09 15:46, Barry Finkel wrote:
> Note that Mailman has taken the existing three-part MIME structure
> (plain-text body, HTML-formatted body, and digital signature) and
> instead of placing the list footer as a fourth part in the same MIME
> structure, Mailman has created a new two-part MIME structure with
> the original three-part MIME structure as a first part and the list
> footer as a second part. While this resulting structure is valid
> MIME-encoding (I think), the result is that the initial header lines
> <snip>
> are not at the beginning of the MIME structure. I believe that this
> is causing the mail to appear as an unsigned mail message. I have just
> begun reading "S/MIME 3.1" RFC 3851, and my initial quick reading
> leads me to believe that this
>      Content-Type: multipart/signed;
> header line needs to appear in the first part of the MIME headers
> and not within a subsidiary MIME header.

If I recall correctly, S/MIME signed messages are exactly that, signed
/messages/ as in the entirety of the email (short of some headers). As
such, any form of altering the message will break the S/MIME signature.

> Is there a reason why Mailman does not place the list footer as a
> fourth section in the existing MIME structure? Thanks.

I think the more proper thing would be for something (Mailman or its
MTA interface / handler) to validate S/MIME signed messages and process
them before passing them on. I think that if a message has been signed
and it has been altered in transport, the fact that it failed
authentication should either be noted or the entire message should be
rejected outright. Whichever your preference is, I think this issue
is really a larger mailing list manager conceptual issue than just
something that Mailman is or is not doing.
I think a similar mentality applies to S/MIME encrypted (as opposed to
signed) messages too.
Grant. . . .
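
The MIME structure described in the quoted message, reproduced with Python's standard `email` package as an added example (not part of the original thread and not Mailman's code). The sample message and its placeholder signature are constructed, `wrap_with_footer` is a hypothetical helper that mimics the wrapping, and `signed_depths` reports where `multipart/signed` sits in the tree.

```python
import email
from email.message import Message
from email.mime.text import MIMEText

# Constructed sample: S/MIME-style signed post (signature body is a placeholder).
RAW = """\
From: alice@example.org
Subject: signed post
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="sig"

--sig
Content-Type: multipart/alternative; boundary="alt"

--alt
Content-Type: text/plain

hello
--alt
Content-Type: text/html

<p>hello</p>
--alt--

--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"

PLACEHOLDER-NOT-A-REAL-SIGNATURE
--sig--
"""

def wrap_with_footer(msg, footer):
    """Hypothetical: push the original body down one level and add a footer part."""
    inner = Message()
    inner["Content-Type"] = msg["Content-Type"]   # multipart/signed moves to the subpart
    inner.set_payload(msg.get_payload())
    del msg["Content-Type"]
    msg["Content-Type"] = "multipart/mixed"       # new two-part outer structure
    msg.set_payload([inner, MIMEText(footer)])
    return email.message_from_string(msg.as_string())  # re-parse the wire form

def signed_depths(msg, depth=0):
    """Nesting depth of every multipart/signed part (0 means top level)."""
    found = [depth] if msg.get_content_type() == "multipart/signed" else []
    if msg.is_multipart():
        for part in msg.get_payload():
            found += signed_depths(part, depth + 1)
    return found
```

A result of `[0]` means the message headers themselves declare `multipart/signed`; `[1]` is the wrapped form, where the top-level type is `multipart/mixed` and the signed structure is the first subpart.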