Elliot Foster wrote:
> I was working on the same thing and had planned on having it be able to
> sign outbound messages as well.

I'm coming to the conclusion that signing should be a separate plugin,
if for no other reason than I already have a patched qmail which will
handle the signing part for me... ;-)

> One thing that I noticed was that it read the entire message into
> memory, rather than point to the cached message on disk. It would be nice
> to not have to read the entire message into memory.

That is absolutely required, in that the entire message is required to
be read in order to calculate the signature to compare to the header.
If you look at Mail::DomainKeys::Message, if you pass it a file (instead
of HeadString and BodyReference), it just reads the whole message from
the file anyways.
We could /change/ the in-bound domainkeys to defer reloading into RAM
until it knows that there is a signature to check (i.e. look for a
DomainKey-Signature header). This would need to be a config-time
setting, e.g.

    domainkeys IgnorePolicy yes

since you are supposed to consult the policy if the message isn't
signed. I'm also inclined to rename the plugin to be in the singular,
since that is the name that has been chosen (not plural).
Show of hands:
A message is signed but not verifiable (for whatever reason). Should
the message be declined iff a global policy exists? Or should a signed
but not verified message be bounced (on the assumption it is a forgery
rather than a mis-configured selector)? The RFC is [surprise, surprise!]
incompletely formulated...
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
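
The deferral proposed in the message above, sketched as an added example (not code from the thread or from the plugin): scan only the header block of the spooled message for a DomainKey-Signature header and decide from that whether the full message has to be loaded. The helper names `has_dk_signature` and `next_step`, the return labels, and the sample messages are assumptions made for illustration; `$ignore_policy` models the suggested `domainkeys IgnorePolicy yes` setting.

```perl
#!/usr/bin/perl
# Added example: decide from the header block alone whether the body must be loaded.
use strict;
use warnings;

# Read only the header block (up to the first blank line) and report whether
# a DomainKey-Signature header is present. The body is never read.
sub has_dk_signature {
    my ($fh) = @_;
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        last if $line eq '';               # blank line ends the headers
        next if $line =~ /^[ \t]/;         # folded continuation of the previous header
        return 1 if $line =~ /^DomainKey-Signature[ \t]*:/i;
    }
    return 0;
}

# Hypothetical decision helper; $ignore_policy models the proposed
# "domainkeys IgnorePolicy yes" setting.
sub next_step {
    my ($fh, $ignore_policy) = @_;
    return 'verify' if has_dk_signature($fh);   # signed: the full message must be loaded
    return 'skip'   if $ignore_policy;          # unsigned and policy lookups are disabled
    return 'check_policy';                      # unsigned: consult the sender's policy
}

# Constructed sample messages (not real mail).
my $signed = join "\r\n",
    'Received: from mail.example.org by mx.example.net',
    'DomainKey-Signature: a=rsa-sha1; s=sel; d=example.org; c=nofws; q=dns;',
    "\tb=PLACEHOLDER",
    'From: alice@example.org',
    'Subject: test',
    '',
    'body text', '';
my $unsigned = join "\r\n",
    'From: bob@example.org',
    'Subject: DomainKey-Signature: not a header',
    '',
    'DomainKey-Signature: a=rsa-sha1; in the body, must be ignored', '';

for my $case ([signed => $signed, 0], [unsigned => $unsigned, 0], [unsigned => $unsigned, 1]) {
    my ($name, $msg, $ignore) = @$case;
    open my $fh, '<', \$msg or die "open: $!";
    printf "%-8s IgnorePolicy=%s -> %s\n", $name, ($ignore ? 'yes' : 'no'), next_step($fh, $ignore);
    close $fh;
}
```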