On 01/20/09 03:46, Stephen J. Turnbull wrote:
> This isn't really relevant to Mailman, though. MIME messages are by design recursively structured, and MUAs that claim to support S/MIME should be able to handle recursive structure. The only responsibility Mailman has or should accept is to encapsulate signed bodies verbatim so as not to break the signature.

I'll agree with you on Mailman's responsibility. However, in 10+ years of computer work I can assure you that there is quite a bit of software out there that /claims/ to do something but falls short of that claim. ;)

> The user should put in an RFE for your MUA if that extra effort bothers him. If he hasn't validated the signature himself, he has to assume that it is invalid. This is not a task that can be delegated to mailing list software.

RFE? I also don't understand how this task (technically) cannot be delegated to the mailing list software. Though I will concede that the task is very much likely outside of the scope of the mailing list software, thus unlikely to happen.

> Please, no. That's an open invitation to phishing. To prevent it robustly, Mailman would have to remove signatures that it can't validate, otherwise a message could be crafted to look like one that was validated by Mailman. But that is clearly the wrong thing to do, as the recipient might be able to validate signatures that Mailman cannot.

I fail to see how this is an open invitation to phishing. Further, I fail to see how Mailman (presuming it had access to OpenSSL's tool set) would not be able to validate standard S/MIME signatures, as S/MIME signatures are validated all the time by MUAs that had no prior knowledge of the public key of the sender. Encryption, on the other hand, requires prior knowledge. Thus I believe that it is possible for a mail handling program to take any S/MIME signed message and test the signed message to make sure that it was not altered.

If you are worried about someone spoofing messages that Mailman would send, that should be simple to solve by having Mailman S/MIME sign its signatures. In my head this means that you now have verification that what Mailman sent was 1) not modified and 2) was indeed sent by Mailman. At least you have assurances that the message was sent by Mailman insofar as S/MIME can assure. (We can substitute PGP for S/MIME and still continue the discussion.)



Grant. . . .
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
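
The two kinds of check discussed in this thread, run with the OpenSSL command line. This is an added example, not part of any message above and not Mailman code; the certificate names, message text and file names are constructed, and it assumes the `openssl` CLI is installed. It separates "the body was not altered" (checkable with only the certificate carried in the signature) from "the signer is who the certificate says" (which needs a trust anchor), and shows a footer inserted into the signed part breaking the signature.

```shell
#!/usr/bin/env bash
# Constructed demo: the names and message text are all made up.
set -u
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Make a throwaway self-signed certificate; no CA vouches for the name in it.
make_cert() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Integrity only: use whatever certificate is carried inside the signature
# and skip chain validation. Says nothing about who the signer really is.
check_integrity() {
  openssl smime -verify -noverify -in "$1" -out /dev/null 2>/dev/null
}

# Integrity and identity: the signer must chain to the trust anchor in $2.
check_trusted() {
  openssl smime -verify -CAfile "$2" -in "$1" -out /dev/null 2>/dev/null
}

make_cert sender "Example Sender"
make_cert other  "Unrelated Anchor"

# Sign as multipart/signed (cleartext body plus detached signature part).
printf 'Hello list,\nthis is the signed body.\n' > "$work/body.txt"
openssl smime -sign -text -in "$work/body.txt" -out "$work/signed.eml" \
  -signer "$work/sender.crt" -inkey "$work/sender.key" 2>/dev/null

# Model list software inserting a footer into the signed part in place,
# instead of encapsulating the signed body verbatim.
awk '{print} /this is the signed body/ {print "-- list footer --\r"}' \
  "$work/signed.eml" > "$work/footer.eml"

report() { if "$@"; then echo "ok:     $1 ${2##*/} ${3:+${3##*/}}"
           else echo "reject: $1 ${2##*/} ${3:+${3##*/}}"; fi; }

report check_integrity "$work/signed.eml"                     # ok
report check_trusted   "$work/signed.eml" "$work/sender.crt"  # ok
report check_trusted   "$work/signed.eml" "$work/other.crt"   # reject
report check_integrity "$work/footer.eml"                     # reject
```

The first line passes for any self-signed certificate, whatever name it claims, so on its own it establishes only that the body matches the signature.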