Murray S. Kucherawy wrote:
> On Thu, 17 Jan 2008, Jose-Marcio Martins da Cruz wrote:

> If that's enough of a concern for your site, you should probably tell the 
> MTA to temp-fail messages when dkim-filter is offline.

I'd like to avoid temp-failing messages for too long. That means delaying 
many dozens of thousands of messages a day. I can't do that.

> 
> Adding the job ID as a comment is allowed in the current A-R draft so it 
> would be possible to add.  For that matter anything you want could go into 
> a comment, such as a fixed shared secret your other filters all know. 
> That way they can tell that the header was added by an upstream filter you 
> trust and there's no change to the rest of the available information or 
> format.
> 
> On another note, the first field of the A-R header is supposed to be the 
> hostname, but it doesn't have to be (see sections 2.2 and 2.3 of the 
> draft).  You can make it the job ID or any other shared secret if that 
> suits your needs.  However, if you do this, other downstream filters which 
> implement the A-R header field removal code won't be able to remove forged 
> headers reliably because they won't know which values in that location are 
> yours and which aren't.
> 
> I'd take this last idea as an FFR adding a configuration option with the 
> default being to use the hostname as it is now.  The documentation will 
> have to reflect the limitation it imposes to some sites.

In a normal configuration, there should be, in this order:

        dkim-filter verifying signature
        another filter using dkim-filter auth result

Options are:

* a fixed shared secret between my filter and dkim-filter. But fixed
   means fixed for a very long time (days, months, years...). If the
   secret lasts long enough, an attacker can get access to it and use it.
   Either way, there should be some way to share a secret between
   dkim-filter and some other filter
* the couple (hostname,msgid) is, IMHO, an easy way to share a non-fixed
   secret. I don't agree with SM, as this couple IS a unique ID.

If the message ID is inside a comment, it's good enough for me, as it 
allows me to ensure better checks, and allows the current behaviour of 
removing old AR. But OK, do what you think is the best way...


-- 
  ---------------------------------------------------------------
  Jose Marcio MARTINS DA CRUZ           http://j-chkmail.ensmp.fr
  Ecole des Mines de Paris
  60, bd Saint Michel
  75272 - PARIS CEDEX 06      mailto:[EMAIL PROTECTED]

_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
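
The downstream check discussed in this message, as an added example that is not code from dkim-filter or from either poster: a second filter accepts an Authentication-Results field only when its first field is the local hostname and its comment carries the job ID the MTA assigned to the current message. The header layout (comment placed directly after the hostname), the function name and the sample values are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed layout: "<hostname> (<job id>); <results>". The thread only says the
# job ID may go in a comment; the exact position used here is an assumption.
AR_RE = re.compile(
    r"^\s*(?P<host>[^\s;()]+)\s*(?:\((?P<comment>[^()]*)\))?\s*;(?P<results>.*)$",
    re.S,
)

def trusted_auth_results(raw_message, my_hostname, job_id):
    """Return the result strings of A-R fields that match (hostname, job ID)."""
    msg = message_from_string(raw_message)
    trusted = []
    for value in msg.get_all("Authentication-Results", []):
        m = AR_RE.match(value)
        if m is None:
            continue  # not in the expected layout: do not trust it
        if m.group("host").lower() != my_hostname.lower():
            continue  # added by some other host
        comment = m.group("comment") or ""
        if job_id not in comment.split():
            continue  # no job ID, or a job ID from a different message
        # Collapse folding whitespace so callers get one clean line.
        trusted.append(" ".join(m.group("results").split()))
    return trusted

# Constructed sample: one field from the upstream filter for this job, and
# three that must be ignored (wrong job ID, no job ID, other hostname).
SAMPLE = (
    "Authentication-Results: mx.example.org (l0HA1b2c003456);\n"
    "\tdkim=pass header.i=@example.com\n"
    "Authentication-Results: mx.example.org (l0HZZZZZ999999); dkim=pass header.i=@bank.example\n"
    "Authentication-Results: mx.example.org; dkim=pass header.i=@bank.example\n"
    "Authentication-Results: other.example.net (l0HA1b2c003456); spf=pass\n"
    "From: sender@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(trusted_auth_results(SAMPLE, "mx.example.org", "l0HA1b2c003456"))
```

Because both filters run under the same MTA for the same message, the second filter can obtain the job ID from the MTA itself rather than from the message.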
