On Mon, 7 Jan 2008, Daniel Black wrote:

> perhaps the verification process could almost brute force the email list
> mangles. This would involve:
> 1. attempting the subject line unfudges (removing [])
> s/Subject:/\([^[]*\)\[[^\]*] \?\(.*\)/\1\2/'
> 2. attempting to remove the last 5 (configurable) lines off the email and see
> if that passes.
You certainly could do this, though it could require recomputing the hash
several times, which is a bit on the expensive side, and dangerous if you
have an MTA waiting for a response from the server.

It's also worth noting that the discussions among the original DKIM
implementors, as I recall, leaned in the direction of recommending that a
failed signature should still be considered failed even if you can
determine what mangling took place to cause it to fail, and thus determine
what the original signed message looked like. This is to some extent what
the "z=" tag is for.

> Yes, this is going to be really ugly to implement. Is it worth it?
>
> Am I missing something in the standard that says a verifying server
> should not attempt to verify the original signature?

There's nothing in the standard that makes that improper. In fact the
standard is deliberately vague on the topic of interpreting multiply-signed
messages. It's up to the verifier to decide how to handle them. The only
guidance it provides is to say that one can't rely on the order of the
signatures to be meaningful, because we've seen header order get mangled in
transit before.

The current libdkim implementation evaluates all of them by default, in the
order in which they appear in the headers. The filter doesn't allow you to
say which one(s) to prefer, but it could if that turns out to be a good
idea. The library allows the caller to specify which ones it wants to
consider and in which order.

_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
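The "brute force the list mangling" idea from the quoted proposal, and the cost the reply points to, can be made concrete with a small Python model. This is an added example, not code from the thread or from dkim-milter/libdkim. It implements only the DKIM body hash (bh=) under "simple" body canonicalization, which is enough to show the retry loop for an appended footer; it does not recompute the header hash or check the RSA signature, so the Subject untagging is shown only as the string transformation. The message body, the footer and the Subject line are constructed samples, and the list name used in the footer is made up.

```python
import base64
import hashlib
import re

# Constructed sample: the body as the signer saw it.  DKIM's "simple" body
# canonicalization (implemented below) drops trailing blank lines and
# requires CRLF line endings, which is why the sample uses "\r\n".
ORIGINAL_BODY = "Hello list,\r\n\r\nPatch attached.\r\n"

# Constructed sample: the same body after a list manager appended a footer
# (a blank separator line plus four footer lines; the list name is made up).
LIST_FOOTER = (
    "\r\n"
    "_______________________________________________\r\n"
    "example-discuss mailing list\r\n"
    "example-discuss@lists.example.net\r\n"
    "https://lists.example.net/listinfo/example-discuss\r\n"
)
MANGLED_BODY = ORIGINAL_BODY + LIST_FOOTER


def canonicalize_simple(body: str) -> str:
    """DKIM 'simple' body canonicalization: remove empty lines at the end of
    the body and make sure the result ends with exactly one CRLF."""
    lines = body.split("\r\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def body_hash(body: str) -> str:
    """The bh= value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_simple(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def untag_subject(subject: str) -> str:
    """Step 1 of the proposal: strip one leading '[list-tag] ' from Subject.
    Only the string is transformed here; a real verifier would then have to
    recompute the header hash and re-check the signature as well."""
    return re.sub(r"^\s*\[[^\]]*\]\s*", "", subject, count=1)


def verify_body_with_unmangling(mangled_body: str, expected_bh: str,
                                max_strip: int = 5):
    """Step 2 of the proposal: accept the body as-is, or with up to
    max_strip trailing lines removed.  Returns (matched, lines_removed,
    hashes_computed) so the cost of the retry loop is visible."""
    lines = mangled_body.split("\r\n")
    if lines and lines[-1] == "":
        lines.pop()  # artifact of the final CRLF, not a real line
    hashes_computed = 0
    for n in range(0, max_strip + 1):
        if n > len(lines):
            break
        candidate = "\r\n".join(lines[:len(lines) - n]) + "\r\n"
        hashes_computed += 1  # each retry is a full canonicalize-and-hash pass
        if body_hash(candidate) == expected_bh:
            return True, n, hashes_computed
    return False, None, hashes_computed


def demo():
    """Run both unmangling steps against the constructed samples."""
    expected = body_hash(ORIGINAL_BODY)
    plain_match = body_hash(MANGLED_BODY) == expected   # fails: footer present
    retried = verify_body_with_unmangling(MANGLED_BODY, expected)
    subject = untag_subject("[dkim-milter-discuss] Re: list footers")
    return plain_match, retried, subject


if __name__ == "__main__":
    print(demo())
```

Two things are visible when this runs. The straight comparison fails, and the retry loop needs five hash computations before it matches, so a verifier doing this inline while an MTA waits on the milter pays that cost on every failed signature, not just the list-mangled ones. The match also comes after removing four lines rather than the footer's five, because simple canonicalization already absorbs the blank separator line; a "remove N lines" heuristic therefore has to be tried over a range, not a fixed N. Note that DKIM's own mechanism for appended content is the l= body-length tag, which the signer must set; the retry loop here is a verifier-side guess that the standard neither requires nor forbids.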
