[Mailman-Developers] dkim-signature headers
mat at cisco.com
Thu Feb 1 17:54:25 CET 2007
I'm one of the authors of the DKIM protocol and it recently came to
my attention that you've recently changed mailman to remove DK and
DKIM signature headers when you remail the message. This is incorrect
in Section 4:
Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are
signing, even if they know that the signatures cannot be verified.
This actually applies to everybody. There are several reasons for this.
is that DKIM allows you to specify the length of a body so it is not the
a priori that mailman will destroy the signature. Second, other
be applied to make mailing list traversal even better such as using the
to determine whether trivial subject modifications have been made. Third and
probably most important is that removing the signature is actually
than helpful: a broken signature and a missing signature MUST be treated as
equivalent to no signature at all (lest an attacker just add a fake
header to get preferential treatment), and as above the verifier loses
to recover the signature.
Just as an FYI, we have deployed DKIM across all of Cisco and our successful
mailing list traversal rate is about 99% -- a large percentage of which
mailman lists. By making this change, you've taken the verify rate from
0% in one swell foop. Not good.
More information about the Mailman-Developers