Re: Question on DKIM signature
On Mon, Aug 16, 2021 at 03:38:01PM +0200, Matus UHLAR - fantomas wrote:
> On 16.08.21 21:11, Ken N wrote:
> > Thank you for providing the details.
> > That makes things clear.
> >
> > On 2021/8/16 6:26 PM, raf wrote:
> > > DKIM signatures should include the entire body, and
> > > some headers. The RFC only requires that the From:
> > > header be included, but it lists some "common examples"
> > > of headers that get included (Section 5.4.1):
> > >
> > > List-Id, List-Help, List-Unsubscribe, List-Subscribe,
> > > List-Post, List-Owner, List-Archive
>
> Just note that you should not sign these headers unless you run a mailing
> list and set these headers.
> Otherwise, your messages to mailing lists won't be DKIM safe.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> "Where do you want to go to die?" [Microsoft]

Yes. If you actually signed them when they weren't there, that would be
"oversigning" and cause any later addition to render the signature
invalid. But OpenDKIM doesn't sign a header just because it's in the
list of headers to sign. They are in OpenDKIM's default list, but it
only signs them (and only names them in the list of signed headers (h=)
in the DKIM-Signature header) if they are actually present. So, when
sending an email to a mailing list, they aren't signed because they're
not there yet, but if the mailing list wants to DKIM-sign mails itself
(using OpenDKIM), then they would be included in the signature. At
least, that's what I think would happen.

P.S. I just found the actual default list used by OpenDKIM in its
source code, and it is all the "common examples" listed in the RFC as
well as one extra:

Resent-Sender

Which makes sense with all the other Resent-* headers.

cheers,
raf
Re: Question on DKIM signature
On 16.08.21 21:11, Ken N wrote:
> Thank you for providing the details.
> That makes things clear.
>
> On 2021/8/16 6:26 PM, raf wrote:
> > DKIM signatures should include the entire body, and
> > some headers. The RFC only requires that the From:
> > header be included, but it lists some "common examples"
> > of headers that get included (Section 5.4.1):
> >
> > List-Id, List-Help, List-Unsubscribe, List-Subscribe,
> > List-Post, List-Owner, List-Archive

Just note that you should not sign these headers unless you run a mailing
list and set these headers.
Otherwise, your messages to mailing lists won't be DKIM safe.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
"Where do you want to go to die?" [Microsoft]
Re: Question on DKIM signature
Raf

Thank you for providing the details.
That makes things clear.

Regards.

On 2021/8/16 6:26 PM, raf wrote:
> On Mon, Aug 16, 2021 at 05:21:15PM +0800, Ken N wrote:
> > I was reading this blog posting:
> > https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
> >
> > But I am confused: what content should the DKIM signature be for?
> > The message body or headers? What headers should be signed?
> >
> > Thank you.
>
> Hi Ken,
>
> DKIM is defined in RFC 6376:
> https://tools.ietf.org/html/rfc6376 (Internet Standard)
>
> DKIM signatures should include the entire body, and some headers. The
> RFC only requires that the From: header be included, but it lists some
> "common examples" of headers that get included (Section 5.4.1):
>
> From, Reply-To, Subject, Date, To, Cc, Resent-Date, Resent-From,
> Resent-To, Resent-Cc, In-Reply-To, References, List-Id, List-Help,
> List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive
>
> I think this is the default list used by OpenDKIM.
>
> The RFC also suggests others such as:
>
> Content-*
>
> But that's mainly if only some, but not all, of the body is signed.
> That's not recommended, but it's been known to happen.
>
> In addition to that, it's a good idea to "oversign" some headers, which
> is a mechanism to make sure that nobody maliciously adds an additional
> instance of a signed header. Without oversigning, an extra instance of
> a header wouldn't invalidate a DKIM signature, but it might be visible
> to the recipient, and therefore be misleading. Oversigning makes sure
> that that won't happen without invalidating the DKIM signature and
> getting noticed.
>
> Usually, the only header that is oversigned is:
>
> From
>
> Because it's the most important. But there's one school of thought
> that says that all headers that are visible to the user should be
> oversigned, e.g.:
>
> From, To, Cc, Subject, Date
>
> See here for that school of thought:
>
> Breaking DKIM - on Purpose and by Chance
> https://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
>
> And see here for a counterargument:
>
> Breaking DKIM? Or simply misunderstanding how it works in practice
> https://www.valimail.com/blog/breaking-dkim-or-simply-misunderstanding-how-it-works-in-practice/
>
> OpenDKIM at least always checks for multiple occurrences of any header
> that should only appear once. Perhaps all DKIM validators do that these
> days. Let's hope so.
>
> Also bear in mind that SPF is fragile ("broken" by all mail forwarding
> and some mailing lists), DKIM is as well but less so (broken by some
> mailing lists), and DMARC is very fragile (broken by the above and when
> it decides that the above don't apply). And so they needed to invent
> another layer on top of it all:
>
> Authenticated Received Chain (ARC):
> https://tools.ietf.org/html/rfc8617 (Experimental)
>
> I think at this stage, it's safe to say that it's getting out of hand. :-)
>
> I suppose there's no problem in computer science that can't be solved
> by adding another layer of cryptographic indirection. :-)
>
> cheers,
> raf
Re: Question on DKIM signature
On 2021-08-16 11:21, Ken N wrote:
> I was reading this blog posting:
> https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
>
> But I am confused: what content should the DKIM signature be for?
> The message body or headers? What headers should be signed?

It's safe to see dkimpy as a good reference on headers that are safe to sign.

I use fuglu, where the defaults are Date, From, To, Subject, nothing more.
Other implementations can use more, but it's not always safe to use more
signed headers:

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1762059.html

Hopefully 8bitmime is disabled before signing, so the signed content is
always 7bit only.

Reference: amavisd- dkim signing howto

https://www.ietf.org/rfc/rfc6376.txt section 5.3
Re: Question on DKIM signature
On Mon, Aug 16, 2021 at 05:21:15PM +0800, Ken N wrote:
> I was reading this blog posting:
> https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
>
> But I am confused: what content should the DKIM signature be for?
> The message body or headers? What headers should be signed?
>
> Thank you.

Hi Ken,

DKIM is defined in RFC 6376:
https://tools.ietf.org/html/rfc6376 (Internet Standard)

DKIM signatures should include the entire body, and some headers. The
RFC only requires that the From: header be included, but it lists some
"common examples" of headers that get included (Section 5.4.1):

From, Reply-To, Subject, Date, To, Cc, Resent-Date, Resent-From,
Resent-To, Resent-Cc, In-Reply-To, References, List-Id, List-Help,
List-Unsubscribe, List-Subscribe, List-Post, List-Owner, List-Archive

I think this is the default list used by OpenDKIM.

The RFC also suggests others such as:

Content-*

But that's mainly if only some, but not all, of the body is signed.
That's not recommended, but it's been known to happen.

In addition to that, it's a good idea to "oversign" some headers, which
is a mechanism to make sure that nobody maliciously adds an additional
instance of a signed header. Without oversigning, an extra instance of
a header wouldn't invalidate a DKIM signature, but it might be visible
to the recipient, and therefore be misleading. Oversigning makes sure
that that won't happen without invalidating the DKIM signature and
getting noticed.

Usually, the only header that is oversigned is:

From

Because it's the most important. But there's one school of thought
that says that all headers that are visible to the user should be
oversigned, e.g.:

From, To, Cc, Subject, Date

See here for that school of thought:

Breaking DKIM - on Purpose and by Chance
https://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html

And see here for a counterargument:

Breaking DKIM? Or simply misunderstanding how it works in practice
https://www.valimail.com/blog/breaking-dkim-or-simply-misunderstanding-how-it-works-in-practice/

OpenDKIM at least always checks for multiple occurrences of any header
that should only appear once. Perhaps all DKIM validators do that these
days. Let's hope so.

Also bear in mind that SPF is fragile ("broken" by all mail forwarding
and some mailing lists), DKIM is as well but less so (broken by some
mailing lists), and DMARC is very fragile (broken by the above and when
it decides that the above don't apply). And so they needed to invent
another layer on top of it all:

Authenticated Received Chain (ARC):
https://tools.ietf.org/html/rfc8617 (Experimental)

I think at this stage, it's safe to say that it's getting out of hand. :-)

I suppose there's no problem in computer science that can't be solved
by adding another layer of cryptographic indirection. :-)

cheers,
raf
Re: Question on DKIM signature
On 16.08.21 17:21, Ken N wrote:
> I was reading this blog posting:
> https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
>
> But I am confused: what content should the DKIM signature be for?

any content you don't want to be modified

> The message body or headers? What headers should be signed?

body and headers that should not be modified (some are modified in
transfer, don't sign those)

It's a bit tricky with mailing lists. Some add a signature to the body;
that should be handled by the mailing lists.

From/To/Cc/Subject/Date/Message-Id should be safe.
Sender is unsafe with mailing lists.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
The only substitute for good manners is fast reflexes.
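Matus's point above about mailing lists that alter the body, and raf's remark earlier in the thread that signing only part of the body is not recommended, both come down to how the bh= body hash is computed. The following is an added example, not code from this thread or from any DKIM implementation: it models RFC 6376's "simple" body canonicalization and the body hash over a constructed message body and a constructed list footer, with SHA-256 and an optional octet cut-off standing in for the l= body-length tag.

```python
import base64
import hashlib

# Constructed sample body as it would appear on the wire (CRLF line ends),
# ending in a couple of empty lines, as real mail often does.
ORIGINAL_BODY = (
    b"Hello Bob,\r\n"
    b"\r\n"
    b"The report is attached.\r\n"
    b"\r\n"
    b"-- \r\n"
    b"Alice\r\n"
    b"\r\n"
    b"\r\n"
)

# Constructed footer of the kind a mailing list appends to every post.
LIST_FOOTER = (
    b"_______________________________________________\r\n"
    b"example-list mailing list (constructed footer)\r\n"
)


def simple_body_canon(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376 section 3.4.3): drop every
    trailing empty line, then make sure the body ends in exactly one CRLF.
    An empty body canonicalizes to a single CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(body: bytes, length=None) -> str:
    """Value of the bh= tag: base64(SHA-256) of the canonicalized body.
    When `length` is given, only the first `length` octets are hashed,
    which is what the l= tag tells a verifier to do."""
    canon = simple_body_canon(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def body_verifies(signed_body: bytes, received_body: bytes, length=None) -> bool:
    """True when the bh= computed at signing time still matches the body
    that reached the verifier."""
    return body_hash(signed_body, length) == body_hash(received_body, length)


if __name__ == "__main__":
    full_len = len(simple_body_canon(ORIGINAL_BODY))
    # Extra trailing empty lines are absorbed by canonicalization.
    print("trailing blank lines added:",
          body_verifies(ORIGINAL_BODY, ORIGINAL_BODY + b"\r\n\r\n"))          # True
    # A list footer changes the canonical body, so a whole-body signature fails.
    print("list footer, whole body signed:",
          body_verifies(ORIGINAL_BODY, ORIGINAL_BODY + LIST_FOOTER))          # False
    # With l= covering only the original body, the footer is simply unsigned
    # and the signature survives; so would any other appended content.
    print("list footer, l= partial body:",
          body_verifies(ORIGINAL_BODY, ORIGINAL_BODY + LIST_FOOTER, length=full_len))  # True
```

Trailing empty lines never break a signature because canonicalization removes them, which is why most forwarding is harmless to DKIM. A footer does break a whole-body signature, and the only way to let it through is the l= tag, which leaves everything after the signed length unsigned; that is the trade-off behind "not recommended" above.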
Re: Question on DKIM signature
On 16/08/2021 10:21, Ken N wrote:
> I was reading this blog posting:
> https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
>
> But I am confused: what content should the DKIM signature be for?
> The message body or headers? What headers should be signed?

The body is always included for signing.

For headers: if you want the technical answer look at RFC6376, Section 5.4.

If you use opendkim you don't need to worry; by default it signs based on
the RFC's suggested headers (and the body), though for safety you should
also set 'OversignHeaders From'.

Signing for more headers than suggested in the RFC may seem 'safer' but is
more likely to cause FPs because the other headers can be changed
legitimately by a relaying mail server.

And, in my opinion, using DKIM without DMARC is of limited value.
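raf's description of oversigning earlier in the thread and the 'OversignHeaders From' advice here both rest on how a verifier matches the h= list against the header block. The following is an added example, not code from this thread or from OpenDKIM: it models RFC 6376's bottom-up header selection over a constructed header block, uses a SHA-256 hash in place of the RSA signature over the canonicalized headers, and adds the duplicate-singleton check raf says OpenDKIM performs. The header names, values and function names are all constructed for this illustration.

```python
import hashlib
import re

# RFC 5322 section 3.6 fields that may appear at most once in a message.
SINGLETON_FIELDS = {
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
}

# Constructed header block, top to bottom, as (name, value) pairs.
ORIGINAL = [
    ("From", "Alice <alice@example.com>"),
    ("To", "bob@example.com"),
    ("Subject", "Quarterly   report"),
    ("Date", "Mon, 16 Aug 2021 17:21:15 +0800"),
]

# The same block after a second From: line was prepended in transit.
# Mail clients generally display the first instance, so this is what
# the recipient would see.
TAMPERED = [("From", "Someone Else <someone@example.net>")] + ORIGINAL


def relaxed_canon(name: str, value: str) -> str:
    """Approximation of 'relaxed' header canonicalization (RFC 6376
    section 3.4.2): lowercase name, unfold, collapse whitespace runs."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}"


def select_headers(headers, h_list):
    """Pick the header instances an h= list covers (RFC 6376 section 5.4.2):
    each name in h= takes the bottom-most instance not already used; when
    none is left the slot is empty, which is exactly what oversigning relies on."""
    remaining = list(headers)
    selected = []
    for name in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
        else:
            selected.append(None)  # oversigned slot: no instance present
    return selected


def header_hash(headers, h_list) -> str:
    """Hash over the selected, canonicalized headers. An empty slot adds
    nothing, as a missing header is treated as the null string."""
    lines = [relaxed_canon(*h) for h in select_headers(headers, h_list) if h is not None]
    return hashlib.sha256("\r\n".join(lines).encode()).hexdigest()


def signature_survives(signed, received, h_list) -> bool:
    """True when the header hash computed at signing time still matches
    the header block that reached the verifier."""
    return header_hash(signed, h_list) == header_hash(received, h_list)


def duplicated_singletons(headers):
    """Names of at-most-once fields that occur more than once: a sanity
    check a verifier can apply whatever the signer chose to oversign."""
    counts = {}
    for name, _ in headers:
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    return sorted(n for n, c in counts.items() if c > 1 and n in SINGLETON_FIELDS)


if __name__ == "__main__":
    plain = ["from", "to", "subject", "date"]
    oversigned = ["from", "from", "to", "subject", "date"]
    # Bottom-up selection still finds the original From:, so a plain
    # signature survives even though the displayed From: changed.
    print("h=from:to:subject:date      ->", signature_survives(ORIGINAL, TAMPERED, plain))       # True
    # The second "from" slot was empty at signing time and is now filled,
    # so the hash changes and the signature fails.
    print("h=from:from:to:subject:date ->", signature_survives(ORIGINAL, TAMPERED, oversigned))  # False
    print("duplicate singleton fields  ->", duplicated_singletons(TAMPERED))                      # ['from']
```

In opendkim.conf, the 'OversignHeaders From' setting mentioned above is what produces the second "from" entry in h=; the duplicate-singleton check is independent of the signer and is the verifier-side safety net raf refers to.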