On Sun, 6 Jan 2008 05:38:52 pm SM wrote: > At 02:12 05-01-2008, Andrew Haveland-Robinson wrote: > >No, not relying on gmail, just noticed it didn't verify. Perhaps signed > >messages should be delimited to protect against appendices, and made clear > >where the authentication begins and ends? > >Like the OSI 7 layer model, can't dkim not make use of wrappers and > >encapsulation to preserve integrity during transmission/forwarding? > > There's an option (BodyLengths ) which will include the body length > tag when signing a message. This allows the message to pass > verification if it goes through a mailing list which append a > footer. DKIM-signed messages are generally not affected by > forwarding as the signed headers and body content is not modified by > forwarders.
I did a trial patch to enable a database of addresses that will receive the body length tag. Database entries need to be managed using raw db tools (ref comment "2007-11-03 23:29"). http://sourceforge.net/tracker/index.php?func=detail&aid=1811969&group_id=139420&atid=744361 For other email lists, like this one, you need to account for the [listname] tags. my opinion is that gracefull handling of email lists fudges will ultimately determine if DKIM is readily adopted in an organisation. perhaps the verification process could almost brute force the email list mangles. This would involve: 1. attempting the subject line unfudges (removing []) s/Subject:/\([^[]*\)\[[^\]*] \?\(.*\)/\1\2/' 2. attempting to remove the last 5 (configurable) lines off the email and see if that passes. Yes this going to be really ugly to implement. Is it worth it? Am I missing something in the standard that says a verifying server should not attempt to verify the original signature? -- Daniel Black -- Proudly a Gentoo Linux User. Gnu-PG/PGP signed and encrypted email preferred http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x76677097 GPG Signature D934 5397 A84A 6366 9687 9EB2 861A 4ABA 7667 7097
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
