On 27 Apr 2019, at 19:49, Grant Taylor via mailop wrote:
On 4/27/19 1:09 PM, Bill Cole wrote:
Yes, because the signature included the Sender and List-* headers,
probably non-existent originally, which mailing lists typically
(including this one) add to messages they relay.
Thus the Sender and List-* headers were oversigned.
Yes.
Signing the non-existence of the Sender and List-* headers on
messages sent to mailing lists is a perfect recipe for broken
signatures.
Are you saying that a sending server should have different behaviors
based on the destination of an email? Particularly if it's going to a
mailing list or not?
I can't say "should" because that's a site-specific/sender-specific
choice.
It's a thing that could be done with some effort, the right tools, and
properly trained users.
It is also entirely feasible without substantially weakening DKIM to
just universally not oversign headers that mailing list managers
typically and properly.
Whoever made the signing choices for Brielle's mail made wrong
choices.
I question that.
Are you implying that mailing list managers (software and / or
administrators) have no culpability in the fact that downstream
recipients detected that the original sender's message has been
modified (by the mailing list manager)?
It is not "culpable" for a mailing list manager to add List-* and Sender
headers OR to be blind to DKIM signatures. On the other hand, a signer
that is not part of a mailing lists manager signing non-existent
standard headers used by mailing list managers is actively hostile to
mailing list managers.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
