> >>> > Any scheme that depends on the contents of mail headers being
> >>> > immutable is broken by design. Some people, sadly, have forgotten
> >>> > that the original purpose for email was to facilitate communications
> >>> > between dissimilar systems, therefore the internal formatting of
> >>> > email cannot be assumed to be immutable.
>
> >>> DKIM signatures break when downgrading or upgrading of encodings is
> >>> performed, so the recommendation in the DKIM specification is that
> >>> only 7bit should be used, making 8bitMIME unnecessary.
>
> >> doesn't that mean that DKIM is broken by design?
>
> Seems that way to me.

On 14.04.10 13:32, Dino Ciuffetti wrote:
> Watching some RFCs, and I found that...
> RFC 5617 (ADSP), Appendix B.
>
> Domain managers are advised to consider the ways that mail processing
> can modify messages in ways that will invalidate an existing DKIM
> signature, such as mailing lists, courtesy forwarders, and other
> paths that could add or modify headers, or modify the message body.
> If the modifications invalidate the DKIM signature, recipient hosts
> will consider the mail not to have an Author Domain Signature, even
> though the signature was present when the mail was originally sent.
>
> So it seems that Sam was right! DKIM is broken by design!

IMHO mailing lists should either not modify the headers (especially the popular Subject prefixing) and, if they know DKIM, they apparently should not modify the body (the popular list signatures).

Unluckily, not many mail clients support mailing lists enough to provide the necessary info to the user (especially list info and unsubscribe headers), and therefore many mailing lists tend to modify both subject and body.

List software supporting DKIM could verify the signature and should remove it if it's going to be invalidated. It may re-sign the message using its own DKIM signature.

However, invalidating the DKIM signature when recoding mail seems to be a major DKIM design flaw.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Depression is merely anger without enthusiasm.
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
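
The breakage discussed in this thread can be reproduced offline. The following is an added example, not part of the original messages: it computes the DKIM body hash (`bh=`) under the "simple" and "relaxed" body canonicalizations of RFC 6376 (the current DKIM specification) and checks which in-transit changes leave it valid. The sample body, the footer text and the function names are constructed for illustration.

```python
import base64
import hashlib
import quopri
import re


def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: ignore trailing empty lines only."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': also collapse WSP runs and strip WSP at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and not lines[-1]:
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    """Value a signer places in bh=: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def survives(signed: bytes, received: bytes) -> dict:
    """Per canonicalization: does the received body still match bh=?"""
    return {c.__name__: body_hash(signed, c) == body_hash(received, c)
            for c in (canon_simple, canon_relaxed)}


# Constructed sample body (8bit UTF-8, CRLF line endings) as signed.
SIGNED = "Dobrý deň,\r\nsee you at the meeting.\r\n".encode("utf-8")

# A whitespace-only change (for contrast), then the two changes named in
# the thread: transfer-encoding recoding and an appended list signature.
RESPACED = SIGNED.replace(b"see you", b"see  you \t")
# Same text after decoding, but different bytes on the wire:
RECODED = quopri.encodestring(SIGNED)
FOOTER = SIGNED + b"-- \r\nexample-list mailing list\r\n"

if __name__ == "__main__":
    for name, body in (("respaced", RESPACED), ("recoded", RECODED),
                       ("footer", FOOTER)):
        print(name, survives(SIGNED, body))
```

Only the whitespace-only change survives, and only under relaxed canonicalization; the recoded body and the body with a list footer fail under both.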