Re: [Mailman-Developers] dkim-signature headers

2007-02-09 Thread Stephen J. Turnbull
Stephen J. Turnbull writes: > Barry Warsaw writes: > > > Me too. Here's my discussion on the topic, including a concrete > > proposal for Mailman 2.1.10 and 2.2/3.0. Feel free to comment on the > > wiki or in this thread. > > I'll try to post to the wiki later (I'm not a member y

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Joe Peterson
Barry, Nice document. I still feel like I do not know enough about the ramifications of stripping or not stripping the DKIM signature to be sure of the right default, and I still think we could use some more information and understanding of all of the factors. However, your proposed default of n

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Stephen J. Turnbull
Barry Warsaw writes: > Me too. Here's my discussion on the topic, including a concrete > proposal for Mailman 2.1.10 and 2.2/3.0. Feel free to comment on the > wiki or in this thread. I'll try to post to the wiki later (I'm not a member yet and I'm suffering mail delays---I expect I'll n

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Michael Thomas
Mark Sapiro wrote: > Michael Thomas wrote: > > >> Similar for >> text/plain too. For us at least (and it may be that we're just have a >> lot of html hating >> geeks), this seems to do the trick pretty well. I see some breakage from >> multipart/ >> alternative, but not _that_ much. >> >

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Mark Sapiro
Michael Thomas wrote: >Mark Sapiro wrote: >> >> If we were to take a different approach with a signature containing l=, >> either the l= includes all the text/plain and at least part of the >> text/html, in which we can't add the footer to the text/plain >> alternative without breaking the signatu

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread John W. Baxter
On 2/8/07 10:27 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: > Me too. Here's my discussion on the topic, including a concrete > proposal for Mailman 2.1.10 and 2.2/3.0. Feel free to comment on the > wiki or in this thread. > > http://wiki.list.org/x/OgM > Looks good to me. " IOW, a valid s

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Michael Thomas
Barry Warsaw wrote: > Excellent post Steve, thanks. > > I think we're converging on a solution for Mailman both in the short > term and in the long term. See my previously posted wiki link for my > current thoughts on the matter. I just wanted

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Michael Thomas
Mark Sapiro wrote: > Michael Thomas wrote: > My point is that for what I consider good reasons, Mailman will add the > msg_footer to such a message by wrapping additional MIME structure > around the original multipart/alternative message. > > I.e., the original > > multipart/alternative > text/

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Barry Warsaw
Excellent post Steve, thanks. I think we're converging on a solution for Mailman both in the short term and in the long term. See my previously posted wiki link for my current thoughts on the matter. I just wanted to add one other thing... On F

Re: [Mailman-Developers] dkim-signature headers

2007-02-08 Thread Barry Warsaw
On Feb 7, 2007, at 8:20 PM, Mark Sapiro wrote: > John W. Baxter wrote: > >> On 2/7/07 8:46 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: >> >>> Should we strip DKIM by default or not? >> >> Not strip by default. >> >> Even though that changes the defa

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Stephen J. Turnbull
Michael Thomas writes: > I'm not saying I think that resigning is a Bad Thing, I'm saying that it's > speculative whether it's a Good Thing. You seem to keep ignoring the > inherent attack involved with resigning: Have you actually read my posts, or just enough to feel defensive? I have speci

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Stephen J. Turnbull
Barry Warsaw writes: > > Make sure no spam gets through your double opt-in list, and you're > > golden, no? > > Ideally yeah. But python.org does get reported occasionally since > while I think we do a pretty good job of blocking most spam, some > nasties gated from Usenet still get th

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Mark Sapiro
Michael Thomas wrote: > >On Wed, 7 Feb 2007, Mark Sapiro wrote: > >> Mike talks about the l= parameter allowing adding trailing content, but >> I don't see Y! and Gmail using it, and even if they did, how would we >> (could we) add a footer without breaking either the signature or the >> MIME struc

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Mark Sapiro
John W. Baxter wrote: >On 2/7/07 8:46 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: > >> Should we strip DKIM by default or not? > >Not strip by default. > >Even though that changes the default vs the most recent Mailman, it leaves >the default alone for everyone who jumps to 2.1.10 from earlier v

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread John W. Baxter
On 2/7/07 9:19 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: > OTOH, how many people would smell something fishy if this > message had this header: > > From: Barry Warsaw <[EMAIL PROTECTED]> With many MUAs (including the vast majority of different MUA programs and versions) that would pass total

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread John W. Baxter
On 2/7/07 8:46 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: > Should we strip DKIM by default or not? Not strip by default. Even though that changes the default vs the most recent Mailman, it leaves the default alone for everyone who jumps to 2.1.10 from earlier versions. --John

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Mark Sapiro
Michael Thomas wrote: > >Frankly I think you'll be screwed even if you remove them too; removing >them will not allow you to fly below the radar. Consider if Y! and Gmail >had a bilateral agreement that they expect each other's mail to be signed >and to put it in the bit bucket if it wasn't. It mak

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread John W. Baxter
On 2/7/07 7:32 AM, "Barry Warsaw" <[EMAIL PROTECTED]> wrote: > Either they have a milter that refuses to > resign or they have a working milter. If their milter doesn't > resign, then less harm is done by stripping the header. If their > milter does resign, then less harm is done by allowing it

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread John W. Baxter
On 2/6/07 5:51 PM, "Bob Puff" <[EMAIL PROTECTED]> wrote: > If a bad DK isn't bad, then how is this supposed to help spam? I mean, if the > mere presence of some signature in the headers will increase the likelihood of > an email being delivered (or at least help it NOT be tagged as spam), surely

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Mark Sapiro
Michael Thomas wrote: >Barry Warsaw wrote: >> >> The reason From-forging may not be an effective strategy for the >> spambot though is because part of the point is to spoof the From >> header so that it looks like the spam is coming from someone you >> know. OTOH, how many people would smell s

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 5:06 PM, Michael Thomas wrote: >>> I'm not saying I think that resigning is a Bad Thing, I'm saying >>> that it's >>> speculative whether it's a Good Thing. You seem to keep ignoring the >>> inherent attack involved with resigning

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Michael Thomas
Barry Warsaw wrote: > On Feb 7, 2007, at 11:45 AM, Michael Thomas wrote: > >> I'm not saying I think that resigning is a Bad Thing, I'm saying that >> it's >> speculative whether it's a Good Thing. You seem to keep ignoring the >> inherent attack

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Michael Thomas
Joe Peterson wrote: > Michael Thomas wrote: > > 2) The outgoing MTA (sendmail) milter seemed to only want to sign emails > that did *not* already have a signature. Therefore, Mailman enabled > them to re-sign by removing the old (presumably invalid anyway) > signature. At least this way *some*

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
BTW, synchronicity is a weird thing. A friend of mine -- totally unaware of the current discussions -- just sent this to me: http://it.slashdot.org/comments.pl?sid=218726&cid=17752748 LOL. -Barry

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 11:45 AM, Michael Thomas wrote: > I'm not saying I think that resigning is a Bad Thing, I'm saying > that it's > speculative whether it's a Good Thing. You seem to keep ignoring the > inherent attack involved with resigning: > > F

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Joe Peterson
Barry Warsaw wrote: > What should MM2.1 do now? Here's a proposal for 2.1.10: Add an > mm_cfg.py variable that controls whether DKIM headers are stripped or > not. I think Mark suggested that this should be a site-wide > variable, and I tend to agree. The reasoning being that all the > o

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 11:49 AM, Stephen J. Turnbull wrote: > Barry Warsaw writes: > >> What should MM2.1 do now? Here's a proposal for 2.1.10: Add an >> mm_cfg.py variable that controls whether DKIM headers are stripped or >> not. I think Mark suggeste

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Michael Thomas
Stephen J. Turnbull wrote: > Michael Thomas writes: > > > I'm afraid that there's not much consensus on how to deal with the > > mailing list issue; the people who say "resign" are guessing as there > > is little/no evidence that resigning is actually a viable strategy. > > From the point of vie

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Stephen J. Turnbull
Barry Warsaw writes: > What should MM2.1 do now? Here's a proposal for 2.1.10: Add an > mm_cfg.py variable that controls whether DKIM headers are stripped or > not. I think Mark suggested that this should be a site-wide > variable, and I tend to agree. I've expressed my reservations r

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 11:40 AM, Stephen J. Turnbull wrote: > Barry Warsaw writes: > >> Part of me agrees that this is what you'd like to see, but my gut >> tells me that this will never work in practice. First, no one but an >> email geek will even unde

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Stephen J. Turnbull
Barry Warsaw writes: > Part of me agrees that this is what you'd like to see, but my gut > tells me that this will never work in practice. First, no one but an > email geek will even understand the question, let alone know how to > answer it, Agreed. It's a stalking horse for the BCP;

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Michael Thomas
Joe Peterson wrote: > With DKIM, according to my understanding, you are supposed to treat a > "bad" sig the same way you'd treat "no" sig. So it would neither help > nor hurt to have a bad signature; it would be like having none (or a > missing sig). > > Personally, I think DKIM would be a whole l

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Bob Puff
> What should MM2.1 do now? Here's a proposal for 2.1.10: Add an > mm_cfg.py variable that controls whether DKIM headers are stripped > or not. +1, with it defaulting to strip the DKIM. Bob

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Michael Thomas
Bob Puff wrote: > I confess not having read up on Domain Keys.. I did get into SPF a little, but > understand its flaws as well. > > If a bad DK isn't bad, then how is this supposed to help spam? I mean, if the > mere presence of some signature in the headers will increase the likelihood of > an e

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 4:31 AM, Stephen J. Turnbull wrote: >> Let me float this though: how about a "signature friendly" knob that >> configures the list to not do things that are known to be harmful to >> signatures (including s/mime and pgp for that mat

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Barry Warsaw
On Feb 7, 2007, at 1:39 AM, Stephen J. Turnbull wrote: > Certainly. What we really want is policy agents that are smart enough > to say to the user > > This message has a signature which verified successfully and one > which failed. According to

Re: [Mailman-Developers] dkim-signature headers

2007-02-07 Thread Stephen J. Turnbull
Michael Thomas writes: > I'm afraid that there's not much consensus on how to deal with the > mailing list issue; the people who say "resign" are guessing as there > is little/no evidence that resigning is actually a viable strategy. From the point of view of the mailing lists, resigning is *

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Stephen J. Turnbull
Joe Peterson writes: > With DKIM, according to my understanding, you are supposed to treat a > "bad" sig the same way you'd treat "no" sig. I don't think the spec says that. It says: A verifier SHOULD NOT treat a message that has one or more bad signatures and no good signatures differe

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Joe Peterson
With DKIM, according to my understanding, you are supposed to treat a "bad" sig the same way you'd treat "no" sig. So it would neither help nor hurt to have a bad signature; it would be like having none (or a missing sig). Personally, I think DKIM would be a whole lot more effective and powerful

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Bob Puff
I confess not having read up on Domain Keys.. I did get into SPF a little, but understand its flaws as well. If a bad DK isn't bad, then how is this supposed to help spam? I mean, if the mere presence of some signature in the headers will increase the likelihood of an email being delivered (or a

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Joe Peterson
Michael Thomas wrote: > But let's turn this around: why do you think practice is helpful? I really > don't understand the motivation at all. Destroying information -- especially > when you're charged with forensic exercises like spam filters are -- is > *rarely* the right thing to do. It seems to m

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Michael Thomas
Barry Warsaw wrote: >> This is not the spec -- and it's not been widely vetted. > > Fair enough; it's also out of date as Stephen pointed out. Still, it > does indicate that the DKIM authors acknowledge that there are > compatibility issues with mailing lists. The updated section 4 that > Step

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Barry Warsaw
On Feb 6, 2007, at 4:40 PM, Michael Thomas wrote: >> http://www.dkim.org/specs/draft-ietf-dkim-overview-02.html#anchor61 > > This is not the spec -- and it's not been widely vetted. Fair enough; it's also out of date as Stephen pointed out. Still, i

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Barry Warsaw
On Feb 5, 2007, at 10:56 AM, Michael Thomas wrote: > This is all > really fuzzy > though: barring S/MIME there's no guarantees about "authorship" per > se. That's reasonable and I don't think it contradicts anything else being said here. E.g. if

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Michael Thomas
Barry Warsaw wrote: > > ISTM that the DKIM spec is in agreement with you Stephen: > > http://www.dkim.org/specs/draft-ietf-dkim-overview-02.html#anchor61 This is not the spec -- and it's not been widely vetted. > > I think we can say Mailman is in compliance with choice #3 in this > list. I will

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Barry Warsaw
On Feb 3, 2007, at 12:43 AM, Stephen J. Turnbull wrote: > I think this points in the exact opposite direction from what you > claim: users already understand what From means in the mailing list > context, so if From and the DKIM signature are in confl

Re: [Mailman-Developers] dkim-signature headers

2007-02-06 Thread Stephen J. Turnbull
Michael Thomas writes: > Let's be clear that I'm advocating a dialog here, In some sense, there's very little room for dialog, unless it involves substantial amendments to DKIM. This is inherent in the design: the whole message is signed. Preserve it nearly verbatim or break the signature. Th

Re: [Mailman-Developers] dkim-signature headers

2007-02-05 Thread Michael Thomas
Stephen J. Turnbull wrote: > Michael Thomas writes: > > > I'm afraid that intransigence from the mailing list community is > > likely to really backfire. Mailing list traffic is an extremely > > small percentage of traffic, and most admins are likely to just > > ignore the collateral damage if

Re: [Mailman-Developers] dkim-signature headers

2007-02-05 Thread Stephen J. Turnbull
Michael Thomas writes: > I'm afraid that intransigence from the mailing list community is > likely to really backfire. Mailing list traffic is an extremely > small percentage of traffic, and most admins are likely to just > ignore the collateral damage if it's too much a nuisance. We know. M

Re: [Mailman-Developers] dkim-signature headers

2007-02-05 Thread Michael Thomas
Bob [EMAIL PROTECTED] wrote: >> I'm afraid that intransigence from the mailing list community is likely to >> really backfire. Mailing list traffic is an extremely small percentage >> of traffic, >> and most admins are likely to just ignore the collateral damage if it's too >> much a nuisance. Don

Re: [Mailman-Developers] dkim-signature headers

2007-02-05 Thread Bob [EMAIL PROTECTED]
> I'm afraid that intransigence from the mailing list community is likely to > really backfire. Mailing list traffic is an extremely small percentage > of traffic, > and most admins are likely to just ignore the collateral damage if it's too > much a nuisance. Don't get me wrong: I spend far too

Re: [Mailman-Developers] dkim-signature headers

2007-02-05 Thread Michael Thomas
Stephen J. Turnbull wrote: > Michael Thomas writes: > > > What it seems to me is that maybe we should look close at that > > behavior of when a list ought to take From: responsibility for a > > message ala digests. When a list completely mangles a message, is > > it really reasonable for it to

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread John W. Baxter
On 2/1/07 5:46 PM, "Bob Puff" <[EMAIL PROTECTED]> wrote: > I have demime in front of most of my larger lists, and I can tell you from > casual peeks at the incoming copy that I keep, there are far too many people > who send html email. Anyone using Windows machine, or a Mac starting with Tiger wh

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Stephen J. Turnbull
Michael Thomas writes: > What it seems to me is that maybe we should look close at that > behavior of when a list ought to take From: responsibility for a > message ala digests. When a list completely mangles a message, is > it really reasonable for it to keep acting as if it came from the >

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Jon Scott Stevens
On Feb 2, 2007, at 8:45 AM, Michael Thomas wrote: > Um, Cisco participates extensively in external mailing list for > standards > bodies. And we're not trying to "force" anything; I speak for > myself as > one of the authors of the spec. > >Mike Um, then PGP sign your messages and we

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Joe Peterson
Joe Peterson wrote: > I really do not think that a From address should be changed. This is > where "Sender" comes in (and Sender is more "behind the scenes" and less > important to the end user). So what Mailman does not, I believe, is > correct...

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Joe Peterson
I really do not think that a From address should be changed. This is where "Sender" comes in (and Sender is more "behind the scenes" and less important to the end user). So what Mailman does not, I believe, is correct: keep From set to the person who sent the email and set Sender to reflect that

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Michael Thomas
Barry Warsaw wrote: > I'm not sure how much I like that anyway, so comments are definitely > welcome. After mulling over this post for an hour ;) I'm starting to > believe that it's the mailing list system that needs to vouch for the > messages its recipients receive. Of course, it could be Ma

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Michael Thomas
Um, Cisco participates extensively in external mailing list for standards bodies. And we're not trying to "force" anything; I speak for myself as one of the authors of the spec. Mike Jon Scott Stevens wrote: > A nice alternative to DKIM signatures... > > On Feb 1, 2007, at 8:22 PM, Barry

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Jon Scott Stevens
A nice alternative to DKIM signatures... On Feb 1, 2007, at 8:22 PM, Barry Warsaw wrote: > -BEGIN PGP SIGNATURE- I really don't see what the point of DKIM signatures are on an internal Cisco mailing list. You either work for the company or you don't. If you can't verify a message cam

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Michael Thomas
Barry Warsaw wrote: > On Feb 1, 2007, at 2:17 PM, Michael Thomas wrote: > >> I've for quite a while thought that part of an ultimate DKIM BCP would >> give some guidance on what a "well behaved mailing list" would be. It >> would certainly be good

Re: [Mailman-Developers] dkim-signature headers

2007-02-02 Thread Michael Thomas
The very basic test I use is what's in the From: address. That's the thing that's pretty universally displayed and one that users are most likely to grok. Anything beyond From, and you've probably lost at least half of the user population at least. So mailing lists preserve the original From: and

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Barry Warsaw
I'm not sure what the right answer is just yet, but I'll offer some of my thoughts FWIW. I think the fundamental question is whether the mailing list is the originator of the messages its members receive or whether the original author is. This

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Stephen J. Turnbull
Michael Thomas writes: > Just to be clear, there are hacks that we do with the length such > that mailing lists that insert trailers into mime structured posts > still verify. This is done by not signing the trailing -- and/or > . This works pretty well. Obviously any wholesale > conversions

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Barry Warsaw
On Feb 1, 2007, at 9:03 PM, Michael Thomas wrote: > We've been running with dkim signatures over a large population for > nearly > a year and have had no indication whatsoever that broken signatures do > anything > of the sort. Leaving the signature

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Barry Warsaw
On Feb 1, 2007, at 2:17 PM, Michael Thomas wrote: > I've for quite a while thought that part of an ultimate DKIM BCP would > give some guidance on what a "well behaved mailing list" would be. It > would certainly be good if mailman were an example of

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Barry Warsaw
On Feb 1, 2007, at 11:54 AM, Michael Thomas wrote: > in Section 4: > > Signers SHOULD NOT remove any DKIM-Signature header fields from > messages they are > signing, even if they know that the signatures cannot be verified. > > This actually appli

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Michael Thomas
Mark Sapiro wrote: > Michael Thomas wrote: > >> Yes, there's no question that mailman as well as lots of other software >> can destroy signatures. In practice as people seem to actually use them, >> it is more theoretical than real. We've been running DKIM signers/verifiers >> for going on a yea

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Michael Thomas
ything like this that will trigger more unsuccessful > deliveries is a real problem. > > Bob > > -- Original Message --- > From: Mark Sapiro <[EMAIL PROTECTED]> > To: Michael Thomas <[EMAIL PROTECTED]> > Cc: mailman-developers@python.org > Sent

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Bob Puff
is a real problem. Bob -- Original Message --- From: Mark Sapiro <[EMAIL PROTECTED]> To: Michael Thomas <[EMAIL PROTECTED]> Cc: mailman-developers@python.org Sent: Thu, 1 Feb 2007 15:06:25 -0800 Subject: Re: [Mailman-Developers] dkim-signature headers > Michael

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Joe Peterson
Yep, for a time I was doing some testing of DKIM on my server (using the sendmail milter). (I was using sendmail at the time, and I have since switched to Postfix.) I did stop using DKIM after a while, and one reason was the mailing list stumbling block. Since passing messages through Mailman ap

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Mark Sapiro
Michael Thomas wrote: > >Yes, there's no question that mailman as well as lots of other software >can destroy signatures. In practice as people seem to actually use them, >it is more theoretical than real. We've been running DKIM signers/verifiers >for going on a year now and the 99% I quoted is ac

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Michael Thomas
Mark Sapiro wrote: > Michael Thomas wrote: > >> I'm not sure whether Murray's dkim milter allows you to sign with the l= >> option or not, but setting the body length allows text to be appended to the >> end of a message -- like a mailing list trailer. This combined with some >> heuristics >> w

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Mark Sapiro
Michael Thomas wrote: > >I'm not sure whether Murray's dkim milter allows you to sign with the l= >option or not, but setting the body length allows text to be appended to the >end of a message -- like a mailing list trailer. This combined with some >heuristics >with subject line modification gets

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Michael Thomas
Joe Peterson wrote: > Hi Michael, > > Thanks for writing about this. I suspect many are under the impression > that passing messages through mail lists tended to break DomainKeys and > DKIM (I know I was one, at least back when I was experimenting a lot > with it). In fact, it always seemed to br

Re: [Mailman-Developers] dkim-signature headers

2007-02-01 Thread Joe Peterson
Hi Michael, Thanks for writing about this. I suspect many are under the impression that passing messages through mail lists tended to break DomainKeys and DKIM (I know I was one, at least back when I was experimenting a lot with it). In fact, it always seemed to break on my Mailman lists, leavin