David Gibbs wrote:

Since Mailman adds its own headers to the messages it processes, any existing 
signatures in the message are invalidated.

But... They aren't. Some may be, but not all. As an example, the post from mouss which you replied to was verified with DKIM by our MX to have passed through a system correctly signing for "mo...@ml.netoyen.net".

DKIM specifies which headers it includes in the signature, and ignores headers that are prepended after the signature. As long as mailman leaves the specified headers below the signature alone, adding its own headers won't invalidate DKIM signatures.

Also, some signatures simply don't care about the *message* headers at all, only about the body or the signed MIME part(s).

Thus, Mailman has to remove any existing signatures and let the MTA re-sign the 
message after it's been processed.

If mailman has been set up to change the body (adding a footer for example) or change headers that can reasonably be expected to appear in signatures (like From or Subject for example), it should remove certain signatures (like DKIM) and (preferably) replace them with the authentication results at the current point (of course, it should (when applicable) include any prepended results header(s) in its own signature if it then re-signs the message).

Otherwise I see no reason for it to remove signatures. Which is an obvious reason *not* to add a footer or a subject tag, as well as a reason not to rewrite From and Reply-To. Whether or not that reason is important is a personal opinion, but it is valid.

If signatures are left in place and important data isn't changed, our regular verification methods can verify whether a post purporting to be mouss (for example) came from a system that should send mail from mouss.

If mailman removes existing signatures or changes important data, we cannot verify that the mail really was sent through a system supposed to send mail from mouss.

If mailman (or its MTA) adds authentication results, we have to trust the system (and its administrator(s)) in order to be reasonably sure whether the mail was sent from an authorized system or not. This may not be reasonable for all list hosts.

Note: Important data for the mail from mouss that you replied to is the body, and the following headers:
Date:From:Reply-To:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;

As long as mailman (or anything else) doesn't change that data, the DKIM signature will still be valid and verifiable, which it is here.

Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
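
An added example, not part of the message above: a Python sketch of the check it describes, reading the `h=` tag of a DKIM-Signature and reporting which signed parts a list server changed. The sample messages, addresses and placeholder signature values are constructed, and the comparison is a simplification that skips DKIM canonicalization and the `l=` body-length tag.

```python
from email import message_from_string

def signed_header_names(msg):
    """Lower-cased header names from the h= tag of the first DKIM-Signature."""
    tags = {}
    for part in msg.get("DKIM-Signature", "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Tag values may be folded across lines; drop all whitespace.
            tags[name.strip()] = "".join(value.split())
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def signature_breaking_changes(original, relayed):
    """Signed parts (header names or 'body') that differ between two copies.

    Simplified: compares raw values, so it is stricter than a real verifier
    using relaxed canonicalization, but it never misses a changed signed part.
    """
    before = message_from_string(original)
    after = message_from_string(relayed)
    changed = [name for name in signed_header_names(before)
               if before.get_all(name) != after.get_all(name)]
    if before.get_payload() != after.get_payload():
        changed.append("body")
    return changed

# Constructed sample message; bh= and b= are placeholders, not real values.
ORIGINAL = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\n"
    " h=Date:From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Date: Mon, 01 Jan 2024 10:00:00 +0000\n"
    "From: alice@example.org\n"
    "To: list@lists.example.net\n"
    "Subject: Signing question\n"
    "\n"
    "Body text.\n"
)
# List server that only prepends its own headers above the signature.
HEADERS_ONLY = "List-Id: <list.lists.example.net>\n" + ORIGINAL
# List server that adds a subject tag and a footer.
TAGGED = (ORIGINAL.replace("Subject: Signing", "Subject: [list] Signing")
          + "-- \nlist footer\n")

if __name__ == "__main__":
    print(signature_breaking_changes(ORIGINAL, HEADERS_ONLY))
    print(signature_breaking_changes(ORIGINAL, TAGGED))
```
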
