[Mailman-Users] Preserving S/MIME-Encoded Mail
gtaylor at riverviewtech.net
Fri Jan 16 23:13:00 CET 2009
On 01/16/09 15:46, Barry Finkel wrote:
> Note that Mailman has taken the existing three-part MIME structure
> (plain-text body, HTML-formatted body, and digital signature) and
> instead of placing the list footer as a fourth part in the same MIME
> structure, Mailman has created a new two-part MIME structure with
> the original three-part MIME structure as a first part and the list
> footer as a second part. While this resulting structure is valid
> MIME-encoding (I think), the result is that the initial header lines
> are not at the beginning of the MIME structure. I believe that this
> is causing the mail to appear as an unsigned mail message. I have just
> begun reading "S/MIME 3.1" RFC 3851, and my initial quick reading
> leads me to believe that this
> Content-Type: multipart/signed;
> header line needs to appear in the first part of the MIME headers
> and not within a subsidiary MIME header.
If I recall correctly, S/MIME signed messages are exactly that, signed
/messages/ as in the entirety of the email (short of some headers). As
such, any form of altering the message will break the S/MIME signature.
> Is there a reason why Mailman does not place the list footer as a
> fourth section in the existing MIME structure? Thanks.
I think the more proper thing would be for something (Mailman or it's
MTA interface / handler) to validate S/MIME signed messages and process
them before passing them on. I think that if a message has been signed
and it has been altered in transport, the fact that it failed
authentication should either be noted or the entire message should be
rejected out right. Which ever your preference is, I think this issue
is really a larger mailing list manager conceptual issue than just
something that Mailman is or is not doing.
I think a similar mentality applies to S/MIME encrypted (as opposed to
signed) messages too.
Grant. . . .
More information about the Mailman-Users