On Fri, 22 May 2009 19:39:33 +0100, J.D. Falk <[email protected]> wrote:
> J.D. Falk wrote: > >> MailMan is covered, though > [ . . . ] >> (This message will be signed, too, with a different key on the same >> box.) > > Even better! The MIPAssoc server (also running MailMan) swapped my > signature for Authentication-Results, and signed the new message. > > DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org; > s=k00001; > t=1243013748; bh=KKzdl+Xw6IloZrUtOCIjcoI2bG8=; h=Message-ID:Date: > From:MIME-Version:To:References:In-Reply-To:Subject:List-Id: > List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: > Content-Type:Content-Transfer-Encoding:Sender; b=If3rAwfKN03nqJhjL > EqKR6+0izu3ujK8ak0Oa4AMAuTwZtofkhfGqH6V11/OmvVIPclZ45L0zTsbmYT8XoXN > 5c66LqkE9t/leS246vbssPyoNF3SBhrhFmhuSWno5S5YGLFb3bYto06u8dRLhmakafg > 1MvoT6tUnSj5aHo+uCOI= > Received: from ocelope.disgruntled.net (ocelope.disgruntled.net > [97.107.131.76]) > by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n4MHZLXK017726 > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) > for <[email protected]>; Fri, 22 May 2009 10:35:27 -0700 > Authentication-Results: sbh17.songbird.com; > dkim=pass (1024-bit key) [email protected] > > I love it when FUD is so easily overridden by operational reality. But it wasn't. The FUD was actually increased, because the DKIM-Signature that was added doesn't cover the Authentication-Results header. So, being of a suspicious disposition, I shall assume that the Authentication-Results was a bogus addition by some subsequent Bad Guy (who was smart enouth to fix the Received headers properly), and I shall accuse MIPAssoc of deliberately colluding with the Bad Guy by removine whatever signature has originally been present (or should have been, given some advertised policy of songbird :-) . Half fixing a security issue is worse than not fixing it at all! -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: [email protected] snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
