Hello.

I finally want to remark two things about the IETF mailing-list
configuration also directly to support@.  For one, this is the
list of DKIM protected header fields:

  h=Date:From:To:In-Reply-To:References:Subject:
    List-Id:List-Archive: List-Help:List-Owner:List-Post:
    List-Subscribe:List-Unsubscribe;

The MIME fields are completely missing (even though present in the
message), which is considered insecure.  That is, there was a big
big turmoil in this regard some years ago, unless i am mistaken.
Now IETF communication is not security critical maybe, but as the
originator of some standard using the standard "correctly" seems
to be a desirable thing to me.

Personally, and that is the second thing, i always go crazy when
i see that internally the IETF server (singular) goes, in reverse
order:

  Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with
    cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
    server-signature ECDSA (P-256) server-digest SHA256) (No client certificate
    requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49B2FC1D530B for
    <ietf-dkim@ietf.org>; Wed, 22 Jan 2025 11:53:24 -0800 (PST)

  Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com
    [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w0RNuMNNBS2d for
    <ietf-d...@ietfa.amsl.com>; Wed, 22 Jan 2025 11:53:26 -0800 (PST)

  Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
    with ESMTP id EBCA0C1E0179 for <ietf-d...@ietfa.amsl.com>; Wed, 22 Jan 2025
    11:53:31 -0800 (PST)
  Delivered-To: ietf-d...@ietfa.amsl.com

ML.

  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
    t=1737575749; bh=bdyHSyH8yskUjbGsuBVmhnfBm1JpGFQfYXDlHOI5tAk=;
    h=Date:From:To:In-Reply-To:References:Subject:List-Id:List-Archive:
    List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe;
    b=d7PRnxeWuDnFrnobKR4JFkZyqaozdyplfX5eot69Ii9dgg+lbHhV0mlkBb2+mCv4R
    ZjSj8UQZAu+NvJw8rrMfw9tYY97G5pbjIzUbIBprJcSX3Ecxud2vAUVjs6SvAdNR5l
    F8LJUucxItmYbPfvnlX5AcjqzBc8czxWnhoyQ974=

  X-Mailbox-Line: From ietf-dkim-bounces+steffen=sdaoden...@ietf.org Wed Jan 22
    11:55:37 2025
  Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
    (Postfix) with ESMTP id 4F08EC1F6DFD for <stef...@sdaoden.eu>; Wed, 22 Jan 2025
    11:55:18 -0800 (PST)

  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
    t=1737575718; bh=bdyHSyH8yskUjbGsuBVmhnfBm1JpGFQfYXDlHOI5tAk=;
    h=Date:From:To:In-Reply-To:References:Subject:List-Id:List-Archive:
    List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe;
    b=Nzlvp4NfYnbDxl6Ycbs8O5qtIjX2aQ60F4K+XysP+YgWCd2MRs4VNHZErVXJgDjSy
    qbr4iv/6z9tr8LKK5dSM/+eYrmJURJSd5wEf3abBz+WKwu+h2jlaymHMvpTM+qeSvj
    2me3I6jXl1UsKpj1lJM04aKY1fe7zBfpIjKUBrmQ=

I do not get one of these DKIM signatures, where you really only
swap in between local interfaces, and whatever you do (likely the
outbound mails pile up at the last one), this seems to be all the
postfix MTA, where master.cf allows for plugging things together
however you want, and if you have a verified email pipeline that
comes from the ML driven on the same box (??) then it seems
totally superfluous to add another DKIM signature on top of that.
Or do it vice versa.  But it is the same key, the same list of
signed headers, the same algorithm etc etc.  Why is it so?

I would bet the one where the outbound mail piles up (if it is
like that) can only be reached by internal other instances (on the
same server even?), aka only by verified / safe senders, and
generating a single DKIM signature there seems like a sane thing
to do, saves processing power and energy, which is also something
the IETF should strive for, in my opinion.  (Having said that,
over a year it possibly merely covers the on-airport terminal to
airplane transfer of a single engineer going to Bangkok, if at
all.  But isn't it also intention and overall impression?)

Just my one cent,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
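
The two observations in the mail above can be checked mechanically. The following is an added example, not part of the original mail and not IETF tooling: it parses DKIM-Signature tag lists, reports MIME fields that are present in a message but absent from h=, and flags signatures that differ only in t= and b=. The choice of the three MIME fields, the PRESENT list and the shortened b= values are assumptions constructed for the example.

```python
import re

# Assumption: the MIME header fields to watch for (lower-cased).
MIME_FIELDS = {"mime-version", "content-type", "content-transfer-encoding"}

# Constructed sample: header field names present in a message.
PRESENT = ["Date", "From", "To", "Subject", "MIME-Version", "Content-Type",
           "Content-Transfer-Encoding", "List-Id"]

# Tag lists shaped like the two signatures quoted in the mail; b= is shortened
# to a constructed placeholder because it is not needed for these checks.
_COMMON = ("bh=bdyHSyH8yskUjbGsuBVmhnfBm1JpGFQfYXDlHOI5tAk=; "
           "h=Date:From:To:In-Reply-To:References:Subject:List-Id:List-Archive: "
           "List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe; ")
SIGS = [
    "v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1737575749; "
    + _COMMON + "b=AAAA",
    "v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1737575718; "
    + _COMMON + "b=BBBB",
]

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signed_fields(tags):
    """Lower-cased header field names listed in the h= tag."""
    return [f.lower() for f in tags.get("h", "").split(":") if f]

def unsigned_present(tags, present, watch=MIME_FIELDS):
    """Watched fields that exist in the message but are not covered by h=."""
    signed = set(signed_fields(tags))
    return [f for f in present if f.lower() in watch and f.lower() not in signed]

def redundant_pairs(sigs):
    """Index pairs of signatures identical in a, c, d, s, bh and h (only t/b differ)."""
    keys = [tuple(parse_tags(s).get(k) for k in ("a", "c", "d", "s", "bh", "h"))
            for s in sigs]
    return [(i, j) for i in range(len(keys)) for j in range(i + 1, len(keys))
            if keys[i] == keys[j]]

if __name__ == "__main__":
    print("present but unsigned:", unsigned_present(parse_tags(SIGS[0]), PRESENT))
    print("redundant signature pairs:", redundant_pairs(SIGS))
```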
