[Mailman-Developers] dkim-signature headers

Michael Thomas mat at cisco.com
Thu Feb 1 17:54:25 CET 2007

Hi all,

I'm one of the authors of the DKIM protocol and it recently came to
my attention that you've recently changed mailman to remove DK and
DKIM signature headers when you remail the message. This is incorrect

in Section 4:

  Signers SHOULD NOT remove any DKIM-Signature header fields from 
messages they are  
  signing, even if they know that the signatures cannot be verified.

This actually applies to everybody. There are several reasons for this. 
is that DKIM allows you to specify the length of a body so it is not the 
a priori that mailman will destroy the signature. Second, other 
heuristics can
be applied to make mailing list traversal even better such as using the 
z= tag
to determine whether trivial subject modifications have been made. Third and
probably most important is that removing the signature is actually 
harmful rather
than helpful: a broken signature and a missing signature MUST be treated as
equivalent to no signature at all (lest an attacker just add a fake 
header to get preferential treatment), and as above the verifier loses 
the ability
to recover the signature.

Just as an FYI, we have deployed DKIM across all of Cisco and our successful
mailing list traversal rate is about 99% -- a large percentage of which 
are through
mailman lists. By making this change, you've taken the verify rate from 
99% to
0% in one swell foop. Not good.


More information about the Mailman-Developers mailing list