[Mailman-Developers] dkim-signature headers

Barry Warsaw barry at python.org
Fri Feb 2 05:03:29 CET 2007

Hash: SHA1

On Feb 1, 2007, at 11:54 AM, Michael Thomas wrote:

> in Section 4:
>   Signers SHOULD NOT remove any DKIM-Signature header fields from
> messages they are
>   signing, even if they know that the signatures cannot be verified.
> This actually applies to everybody. There are several reasons for  
> this.
> First
> is that DKIM allows you to specify the length of a body so it is  
> not the
> case
> a priori that mailman will destroy the signature. Second, other
> heuristics can
> be applied to make mailing list traversal even better such as using  
> the
> z= tag
> to determine whether trivial subject modifications have been made.  
> Third and
> probably most important is that removing the signature is actually
> harmful rather
> than helpful: a broken signature and a missing signature MUST be  
> treated as
> equivalent to no signature at all (lest an attacker just add a fake
> DKIM-signature
> header to get preferential treatment), and as above the verifier loses
> the ability
> to recover the signature.

I haven't had time to read the formal spec, but does it specifically  
handle the mailing list use case, where you cannot vouch for what  
comes out the other end when you send a message to it?

- -Barry

Version: GnuPG v1.4.6 (Darwin)


More information about the Mailman-Developers mailing list