-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Tuesday 2 August 2016 at 12:07:14 PM, in <mid:b9a0c055-9b55-ff2d-1cdf-a61407235...@twopif.net>, Lachlan Gunn wrote: > I mean that I connect to Google's SMTP server with > Thunderbird using the > "lach...@twopif.net" login details, but configure > the account's email > address to be lachlan.g...@gmail.com, so that From: > and MAIL FROM are > both @gmail. And, from your previous post, Google takes it upon themselves to change the "From:" header to "Lachlan Gunn <lach...@twopif.net>" and insert a new "X-Google-Original-From:" header containing the detail from your original "From:" header. So Google chooses to expose two of your email addresses to the recipient instead of just the one you used for that message. To me that is not good. But to bring it back on-topic, would a DKIM signature on such a message be for the gmail.com domain or the twopif.net domain? > I'm not sure exactly what you mean, but I don't > think the existence of > such aliases is a problem---unless I misunderstand, > ultimately the > sender still controls the alias, and it is no > different from any other > email address in that respect. You're right. The DKIM signature says that the email was sent from _an_ authorised account at that domaim but not _which_ authorised account, so I guess it doesn't matter if the email address is an alias. > The main thing is to prevent things like putting > request@roboca into the > to: field in a mass email and then bank on someone > hitting reply-to-all, > or by putting it into Reply-To. Is this a Denial of Service attack, rather than an attempt to get roboca to certify something it shouldn't? > Checking the subject line seems fairly reasonable, > and requiring an > email in response to one the CA---In-Reply-To is > signed in my test > messages, you can use a signature as the message > ID---ought to make > things more difficult for anyone but the CA. I thought the message-ID had to end in a fully qualified domain name. - -- Best regards MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net> Do what you can, with what you have, where you are. -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJXoKjFXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwFl0IAL1HHiElzNQi2VuxAxlycvGE eJ8vO3MNoPAXpY7hNByUU9X2TSPk1hmip2JM3Jv3MeZuxklFQceMVcCmcqTl52iD /mWm6jXooMZMJdbsl4yE/AEhd4vlioXPIzmvRZ8JIHXnZ221qdpRZkwQoyRvWTmj fmIZu26d5ghY0dsOOQMD5vkCLR120dYpDj2N6fZvV9jZ/UqfbHGf8IGkM1iYashL rYgYkN3ngyw45hN5XL0VzVeRiqUMCbzjom6414p49Jw6KaBHoZzPOMb0DGEEbhE0 S/EyoDiCazhhe9ABlUE4tEfdLiVba0/K6roJcalraac3g3UL92wt2WBzel8L11WI vgQBFgoAZgUCV6Co0F8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45ET0AQCBbxecjM2YUHpOjRwNKQVHiKn7 khgG1DB6CRhyPwYq4AEA1vz7ZwGnh/5ekfdBDxUTY/CZjO/wtEFGhP1OTRI/wwY= =xYP5 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
