[Mailman-Users] mailman, attachment and digital sign
Brad Knowles
brad at shub-internet.org
Thu Aug 2 23:47:20 CEST 2007
On 8/2/07, Marco De Rossi wrote:
> We have modifed mailman so now it not add the message footer anymore.
> Now we still have this problem only when we send digital signed e-mail
> *with attachment*.
I can see two likely possibilities:
1. The digital signature is being done against the whole message,
headers included. When the message passes through Mailman, some
headers end up getting changed or added, and the signature is no
longer valid.
2. Mailman is still stripping or changing some of the attachment
MIME types or filenames, which causes the signature to be invalidated.
Problem is, cryptographic signatures on messages are extremely
fragile. If even the slightest thing is changed, the signature is
likely to be broken. If you make the signature process more robust,
then you increase the possibility that an attacker could slip
something through that would still appear to be correct, but where
they've actually secretly modified something.
Try turning off all filtering, HTML conversion, etc... within
Mailman. See if that "fixes" the signature problem. If so, then you
have to decide which is more important -- the signature on some
messages or the probability that some malware could get through the
system and sent out to all recipients of the list, because you'd
turned off the filtering.
Unfortunately, this is a binary decision. There is no option to
leave signed messages unfiltered and to apply the filtering rules
only to unsigned messages. Even if there were such a method, the
attackers could get through by simply forging fake signatures that
look valid.
--
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the Mailman-Users
mailing list