On Thu, Apr 17, 2025 at 2:47 PM Steffen Nurpmeso <stef...@sdaoden.eu> wrote:
> This only survives because DKIM specifies ~"one successful
> verification is enough". It is a shame given that other
> mailing-lists ensure the original==broken signature is removed or
> renamed, but not even a bug report can change the situation for
> IETF lists! This makes me sad.
>
> [...] I give an example, here Jim Fenton's last message. Sorry for
> that, but i filter out my own (on ingress):
>
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=
> bluepopcorn.net; s=supersize; h=Content-Transfer-Encoding:Content-Type:
> MIME-Version:Message-ID:Date:Subject:To:From:Sender:
> Reply-To:Cc:Content-ID:
> Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
> :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
> List-Subscr ibe:List-Post:List-Owner:List-Archive; bh=..; b=..;
> From: Jim Fenton <fen...@bluepopcorn.net>
>
> Consciously broken by the IETF. But many verifiers will try it
> first, and can only fail. For ACDC i would want to avoid that,
> somehow. It is -- sorry moderator -- total brain damage, is it??
> (And noting that, in my personal opinion, including List-* for
> sealing in an initial private DKIM signature is .. interesting.)
>

Sorry, what broke here? The signature itself isn't enough to understand. If there's something the IETF's list servers are doing wrong, we can ask the tools team to look into it. But let's not bog down this WG with that discussion.

> And then: how could my domain *know* that it was the IETF list
> that broke the signature? I know its DKIM signature is correct,
> but i would not know, i could only believe that Jim Fenton's
> initial DKIM signature was correct, too. Now his signature is
> still in, and broken, while he is still "RFC5322.From".
> (And hey: he *sealed* List-* headers!!!)
>

If Jim's server is signing List-* fields for a message that hasn't gotten to a list yet, that seems like it guarantees this message will have DKIM problems. But again, that's not really on topic for the current discussions.

-MSK
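
The effect of signing List-* fields before a message reaches a list, as an added example (not code from this thread or from any DKIM implementation): under RFC 6376 a field named in h= but absent at signing time is hashed as the empty string, so a list that later adds that field changes the verifier's hash input. The signature, domains and messages below are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def signed_fields(sig):
    """Lower-cased header names from h=, with folding whitespace removed."""
    h = re.sub(r"\s+", "", parse_tags(sig).get("h", ""))
    return [name.lower() for name in h.split(":") if name]

def selected(headers, names):
    """Instances a verifier hashes for each name in h=: taken from the bottom of
    the header block upward, one per mention. A missing instance is hashed as
    the empty string (None here). Values get relaxed whitespace folding."""
    out = {}
    for name, count in Counter(names).items():
        values = [" ".join(v.split()) for n, v in headers if n.lower() == name]
        picked = values[::-1][:count]
        out[name] = picked + [None] * (count - len(picked))
    return out

def broken_by_relay(sig, as_signed, as_received):
    """Signed fields whose hashed input differs once a relay has touched the message."""
    names = signed_fields(sig)
    before, after = selected(as_signed, names), selected(as_received, names)
    return sorted(n for n in before if before[n] != after[n])

# Constructed sample, modelled on the signature quoted above (bh=/b= are elided there too).
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel;\r\n"
       " h=From:To:Subject:Date:Message-ID:List-Id:List-Post:\r\n"
       " List-Unsubscribe; bh=..; b=..")
ORIGINAL = [("From", "Author <author@example.org>"), ("To", "list@example.net"),
            ("Subject", "hello"), ("Date", "Thu, 17 Apr 2025 14:00:00 -0700"),
            ("Message-ID", "<1@example.org>")]
# Fields a list adds on the way through (constructed values).
RELAYED = ORIGINAL + [("List-Id", "<list.example.net>"),
                      ("List-Post", "<mailto:list@example.net>"),
                      ("List-Unsubscribe", "<mailto:list-leave@example.net>")]

if __name__ == "__main__":
    print(broken_by_relay(SIG, ORIGINAL, RELAYED))
```

Running the same check over a message as it left the signer and as it arrived from a list shows which signed fields the list changed, which is the information the bare signature header does not carry.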