ietf-822
[Top] [All Lists]

Re: 2 MIME questions re: message/rfc822

2004-11-05 09:06:57

On Thu November 4 2004 14:54, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
Scenario:

I post to a mailing list, and include a multipart, one of
which is a message/rfc822.  My MUA software takes the entire message
as it lives in the message store, and sends it off.  When my copy
comes back from the mailing list, the PGP signature is busticated.

Why?  Because the first few lines outbound looked like:

+++ Start outbound copy here
------- =_aaaaaaaaaa0
Content-Type: message/rfc822
Content-ID: 
<3230(_dot_)1099595697(_dot_)2(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu>
Content-Description: forwarded message

From owner-test-l(_at_)LISTSERV(_dot_)VT(_dot_)EDU  Thu Nov  4 14:12:36 2004
Return-Path: <owner-test-l(_at_)LISTSERV(_dot_)VT(_dot_)EDU>
Received: from localhost 
(IDENT:valdis(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu [127.0.0.1])     
by turing-police.cc.vt.edu (8.13.
1/8.13.1) with ESMTP id iA4JCU9n014549  for 
<valdis(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu>; Thu, 4 Nov 2004 
14:12:35 -0500
+++ end outbound copy

[...]

1) I am presuming that the mailing list is at fault for unwrapping the
Received: line? (or more correctly, "the piece of software that did the
unwrapping should be fixed")?

Not necessarily; in the first place, if the message is malformed (see below),
all bets are off. We can see that the message is indeed malformed in
one way, and we can surmise that it may be malformed in at least one
other important way. Secondly, in general unfolding or refolding of
header fields makes no semantic difference.  Third, if one is using PGP
as recommended (RFC 3156), refolding of a MIME-part field within
a message/rfc822 part that is not within a signed multipart (RFC 1847)
will have no effect on signature validity.  It is impossible to determine
from your snippet whether or not there was an enclosing signed
multipart, and you haven't said how "the PGP signature" was
computed or communicated.

2) Am I at fault for including the mbox-style 'From ' line,

Yes, absolutely.  What you have generated is in fact not a valid
message/rfc822 MIME-part.  There may well be other problems,
which cannot be determined from your snippet; for example, were
line endings CRLF pairs as required (RFCs 822, 2822, 2046, 2049
(and 1847 if multipart/signed was used)) before the alleged
message was signed and wrapped?  If a signature was
improperly computed on content not in canonical form (CRLF
line endings), it is virtually guaranteed to be invalid.

or is 
the mailing list (or whoever did it) at fault for removing it?

Unclear. The message was clearly malformed; it could have been
returned with some error message -- it appears that there was an
attempt to repair it (one cannot tell where from what you have
provided) instead. There are pros and cons to each approach.