Adding a header like that probably falls under the category of "acting
as a reflector". But of course, you can also ask, "What if there's
already a list-id header?" and "Where to add it?". (There probably won't
be such a header, of course, but it's not unheard of for lists to be
cascaded.)
Tony Hansen
[EMAIL PROTECTED]
Stephen Farrell wrote:
>
> Hi Tony,
>
> But presumably just adding List-ID: or similar would be ok?
>
> Stephen.
>
> Tony Hansen wrote:
>> I'm tempted to say: if the mailing list is going to do *anything* to the
>> message other than act as a simple reflector, it *must* strip out any
>> existing dkim signature. What it does after that is up to the mailing
>> list.
>>
>> Tony Hansen
>> [EMAIL PROTECTED]
>>
>> John Levine wrote:
>>>> So I'm asking for a pointer to the "how mailing lists break
>>>> signatures" report, if it exists so I can learn a bit more.
>>> This was argued at some length about a year ago, but I can't
>>> dig up offhand exactly where. Here's some of the more popular
>>> mutations:
>>>
>>> - Add fixed list name tag and varying message serial number to Subject:
>>>
>>> - Add, delete, or replace Reply-To: header
>>>
>>> - Reformat From: line into a standard form, e.g., <[EMAIL PROTECTED]> foo
>>> -> [EMAIL PROTECTED]
>>> (foo)
>>>
>>> - Add a bunch of extra headers like List-ID: and Precedence:
>>> (shouldn't affect signature unless one replaces an existing header)
>>>
>>> - Add a footer to the end of the body
>>>
>>> - Add a "fronter" to the beginning of the body
>>>
>>> - Add, delete, or reorder MIME parts
>>>
>>> - Unpack and re-pack MIME parts with different delimiters
>>>
>>> - Add a footer to one or more MIME parts
>>>
>>> - Edit a footer into an HTML part (Yahoo groups does this)
>>>
>>> - Convert HTML to text or vice versa
>>>
>>> - Recode between 7bit and 8bit, or quoted printable to/from base64
>>>
>>> I quickly came to the conclusion that other than the shrinking
>>> minority of lists that do nothing at all to headers or body, it's
>>> completely hopeless to try to make a signature that will survive list
>>> processing.
>>>
>>> And I still have a lot of trouble thinking of plausible scenarios
>>> where mail from a domain with SSP restrictions would legitimately be
>>> sent through a list.
>> _______________________________________________
>> ietf-dkim mailing list
>> http://dkim.org
>>
>>
>
_______________________________________________
ietf-dkim mailing list
http://dkim.org
