On Tue, Feb 24, 2015 at 2:08 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>> Equally important: What would it do to sign a message that's not MIME to begin with? Could it be compelled to turn it into a MIME message, perhaps treating the original as a single-part text/plain message and doing the same wrapping I described?
> Mailman doesn't usually sign messages. What kind of signatures are you asking about?
Sorry, by "sign" I meant "add a footer". I probably said "sign" because this is related to some DKIM work I've been planning, and the morning's caffeine was already wearing off.
Thanks for that detailed answer (and Barry for his followup). It's precisely what I was looking for.
How absurd would it be to propose a flag for Mailman that would take your first case (non-MIME, or single-part text/plain) and convert it to a multipart/mixed with a child part of the original text/plain, and then apply the algorithm you have?
The impetus here is DKIM survivability across lists. Suppose we had a DKIM canonicalization that was MIME-aware, so that it could sign the specific MIME parts or sets of parts. That signature would fail on the message as a whole -- with the footer part added -- but could in theory pass if an appended part were omitted from canonicalization. To put it in context, suppose there were a DKIM canonicalization where the signer signed (using your examples) the CDE message; the receiver gets FGHI which fails, but also has enough information to know that merely verifying FGH will pass; it then knows that FGH was "legitimate" and I was added post-signing, and may or may not be "safe" (for some value thereof) content.
What I'm worried about with such a design is the trivial text/plain message. Obviously merely appending the footer destroys any hope of validating only the original content. We'd have to entertain the idea that Mailman would make the simple message into a multipart/mixed + text/plain, then append the footer part and sign that; the verifier would drop the footer and then strip off the MIME to see if it can verify the original signature that way. That seems like it's easy to get wrong, though it's likely to be a very common case.
-MSK
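Added example, not part of the thread and not Mailman or any DKIM implementation: a small model of the MIME-aware canonicalization sketched above. Each leaf MIME part is canonicalized on its own (media type plus body with CRLF line endings, trailing whitespace stripped, trailing blank lines removed), so the multipart/mixed wrapper is transparent and the "strip off the MIME" step of the text/plain case falls out for free. The signature is an HMAC-SHA256 over the selected parts, a constructed stand-in for the DKIM signature; the key, addresses, body and footer text are all made up for the demo. The verifier tries the whole message first (the "FGHI" case), then the message minus a trailing appended part ("FGH"), and the second demo shows that pasting the footer into the text/plain body, rather than adding it as a part, leaves nothing to verify.

```python
import hashlib
import hmac
from email.message import EmailMessage, MIMEPart

# Constructed demo key: stands in for the DKIM signing key (hypothetical).
KEY = b"list-demo-key"
BODY = "Hello list,\n\nthis is the original body.\n"
FOOTER = "-- \nList footer, added post-signing.\n"


def leaf_parts(msg):
    """Yield the non-multipart leaves of a message, in document order."""
    if msg.is_multipart():
        for sub in msg.iter_parts():
            yield from leaf_parts(sub)
    else:
        yield msg


def canon_leaf(part):
    """Canonicalize one leaf: media type, then body with CRLF line ends,
    trailing whitespace stripped and trailing empty lines dropped. The same
    bytes come out whether or not the part sits inside a multipart wrapper."""
    text = part.get_content().replace("\r\n", "\n")
    lines = [ln.rstrip(" \t") for ln in text.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    body = "\r\n".join(lines) + "\r\n"
    return (part.get_content_type() + "\r\n" + body).encode("utf-8")


def sign_parts(parts, key=KEY):
    """Hypothetical MIME-aware signature over the chosen leaf parts only
    (HMAC is a stand-in for DKIM's public-key signature)."""
    data = b"".join(canon_leaf(p) for p in parts)
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def list_rewrite(msg, footer_text):
    """The rewrite discussed in the thread: wrap a single-part message in
    multipart/mixed, then append the footer as its own text/plain part."""
    if not msg.is_multipart():
        msg.make_mixed()          # original becomes the first child part
    footer = MIMEPart()
    footer.set_content(footer_text)
    msg.attach(footer)
    return msg


def verify_original(msg, sig, key=KEY):
    """Try the full message, then the message minus a trailing appended part.
    Returns ("full", n), ("minus-trailer", n) or None, where n is the number
    of leaf parts the signature covers; anything beyond n is unsigned."""
    leaves = list(leaf_parts(msg))
    if hmac.compare_digest(sign_parts(leaves, key), sig):
        return ("full", len(leaves))
    if len(leaves) > 1 and hmac.compare_digest(sign_parts(leaves[:-1], key), sig):
        return ("minus-trailer", len(leaves) - 1)
    return None


def build_message(body):
    """Constructed sample message (not from the thread)."""
    msg = EmailMessage()
    msg["From"] = "author@example.org"
    msg["To"] = "list@example.org"
    msg["Subject"] = "trivial text/plain message"
    msg.set_content(body)
    return msg


def demo_wrapped():
    """Signer signs the plain message; the list wraps it and adds a footer
    part; the verifier succeeds only once the trailing part is dropped."""
    msg = build_message(BODY)
    sig = sign_parts(list(leaf_parts(msg)))
    list_rewrite(msg, FOOTER)
    return verify_original(msg, sig)


def demo_inline_append():
    """Same signature, but the list pastes the footer into the text/plain
    body instead of adding a part: no subset of parts verifies."""
    sig = sign_parts(list(leaf_parts(build_message(BODY))))
    received = build_message(BODY + FOOTER)
    return verify_original(received, sig)


if __name__ == "__main__":
    print("wrapped + footer part:", demo_wrapped())
    print("footer pasted inline: ", demo_inline_append())
```

Because canonicalization is per leaf part, a verifier never has to guess whether a received single-part message was once a multipart or vice versa; it only decides how many trailing parts to exclude, and everything it excludes is known to be unsigned content.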