Invalid DKIM signatures in this list

Victor Sudakov vas at mpeks.tomsk.su
Tue Nov 27 16:03:32 UTC 2018


John R. Levine wrote:
>On Tue, 27 Nov 2018, Victor Sudakov wrote:
>> The problem is in FreeBSD's mailing list manager which is broken IMHO.
>
>If you are saying that it's broken because it's not deleting old DKIM
>signatures, I'm sorry, but you're simply mistaken.  I helped write the DKIM
>specs so I'm not guessing here.
>
>> See RFC 6377
>>
>> "The best general recommendation for dealing with MLMs is that the MLM
>>   or an MTA in the MLM's domain apply its own DKIM signature to each
>>   message it forwards and that assessors on the receiving end consider
>>   the MLM's domain signature in making their assessments.  (See
>>   Section 5, especially Section 5.2.)"
>
>I helped write that RFC.  It was and is just guessing.  While it would
>be a good idea for the lists to add their own signature, they're not
>broken if they don't.  And that says nothing about deleting old
>signatures.

With all due respect to you as the co-author of the RFC, it does say 
something about deleting old signatures.  I'm not quoting for you 
(this would be odd) but for the general public here who are reading this thread.

In "5.7.  Signature Removal Issues" the document says 

"However, if the MLM is configured to make changes to the message
prior to reposting that would invalidate the original signature(s),
further action is RECOMMENDED to prevent invalidated signatures from
arriving at final recipients, possibly triggering unwarranted filter
actions. "

and it mentions 

   "5.  Remove all previously evaluated DKIM signatures;"

as one of the possible solutions (among 5 other suggestions).

and then again:

"Removing the original signature(s) seems particularly appropriate
   when the MLM knows it is likely to invalidate any or all of them due
   to the nature of the reformatting it will do.  "


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
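
The signature-removal option from RFC 6377 section 5.7 quoted in the message above, as an added example that is not part of the original post or of any list manager's code. The function names, the sample message and the "likely invalidated" heuristic (a rewritten header listed in h=, or an appended footer when no l= tag is present) are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample: domains, selectors and bh=/b= values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=a.example; s=sel1;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=b.example; s=sel2; l=13;\n"
    " h=from:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: alice@a.example\n"
    "To: list@lists.example\n"
    "Subject: Hi\n"
    "Date: Tue, 27 Nov 2018 16:03:32 +0000\n"
    "\n"
    "Hello list.\n"
)

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def likely_invalidated(sig, rewritten_headers, appends_footer):
    """Heuristic (an assumption of this example, not a DKIM verifier)."""
    tags = parse_tags(sig)
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    if signed & {h.lower() for h in rewritten_headers}:
        return True  # the list rewrites a header covered by h=
    # An appended footer changes the body hash unless l= limits the signed length.
    return appends_footer and "l" not in tags

def repost(msg, subject_tag="", footer=""):
    """Apply the list's changes, dropping the signatures they would break."""
    rewritten = ["subject"] if subject_tag and "Subject" in msg else []
    sigs = msg.get_all("DKIM-Signature", [])
    keep = [s for s in sigs if not likely_invalidated(s, rewritten, bool(footer))]
    if len(keep) != len(sigs):
        del msg["DKIM-Signature"]          # removes every occurrence
        for s in keep:
            msg["DKIM-Signature"] = s      # re-add the ones left untouched
    if rewritten:
        msg.replace_header("Subject", f"{subject_tag} {msg['Subject']}")
    if footer:
        msg.set_payload(msg.get_payload() + footer)
    return msg
```
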