[Mailman-Users] Broken signature because of multipart/alternative

Stephen J. Turnbull stephen at xemacs.org
Wed May 9 14:02:08 CEST 2007

Wilfred Gasper writes:

 > Thank you for this description. So there's nothing I can do against it 
 > like using another version of Python?

Well, another version of Python won't do.  You need another version of
the Internet.  According to RFC 2822,

Subject: a few words

  a few words

	 a few words

have identical semantics.  So if you sign RFC 2822 headers, you need
to canonicalize them before signing, and again before verifying,
because any relay might change them.

See the domain keys standard www.dkim.org for a protocol that has to
solve a similar problem.

Mailman intends to deal with domain keys in some future version (but
implementation is not scheduled yet, don't hold your breath ... unless
you want to do it yourself), so the necessary code for
canonicalization will eventually be available in Mailman (presumably
inherited from the standard email module in Python).  But you still
face breakage from all relays between signer and verifier.


More information about the Mailman-Users mailing list