ietf-dkim

Re: [ietf-dkim] l= summary, as I see it

2009-05-25 07:36:26
On Fri, 22 May 2009 19:39:33 +0100, J.D. Falk  
<jdfalk-lists(_at_)cybernothing(_dot_)org> wrote:

J.D. Falk wrote:

MailMan is covered, though
  [ . . . ]
(This message will be signed, too, with a different key on the same  
box.)

Even better!  The MIPAssoc server (also running MailMan) swapped my
signature for Authentication-Results, and signed the new message.

DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org;  
s=k00001;
      t=1243013748; bh=KKzdl+Xw6IloZrUtOCIjcoI2bG8=; h=Message-ID:Date:
       From:MIME-Version:To:References:In-Reply-To:Subject:List-Id:
       List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
       Content-Type:Content-Transfer-Encoding:Sender; b=If3rAwfKN03nqJhjL
      EqKR6+0izu3ujK8ak0Oa4AMAuTwZtofkhfGqH6V11/OmvVIPclZ45L0zTsbmYT8XoXN
      5c66LqkE9t/leS246vbssPyoNF3SBhrhFmhuSWno5S5YGLFb3bYto06u8dRLhmakafg
      1MvoT6tUnSj5aHo+uCOI=
Received: from ocelope.disgruntled.net (ocelope.disgruntled.net
      [97.107.131.76])
      by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n4MHZLXK017726
      (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
      for <ietf-dkim(_at_)mipassoc(_dot_)org>; Fri, 22 May 2009 10:35:27 -0700
Authentication-Results: sbh17.songbird.com;
      dkim=pass (1024-bit key) header(_dot_)i=(_at_)cybernothing(_dot_)org

I love it when FUD is so easily overridden by operational reality.

But it wasn't. The FUD was actually increased, because the DKIM-Signature  
that was added doesn't cover the Authentication-Results header.

So, being of a suspicious disposition, I shall assume that the
Authentication-Results was a bogus addition by some subsequent Bad Guy
(who was smart enough to fix the Received headers properly), and I shall
accuse MIPAssoc of deliberately colluding with the Bad Guy by removing
whatever signature has originally been present (or should have been, given
some advertised policy of songbird :-) .

Half fixing a security issue is worse than not fixing it at all!

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
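
The coverage question raised in this message can be checked mechanically. The following is an added example, not part of the original message or of any DKIM implementation: it lists the header fields that the h= tag of a DKIM-Signature leaves unsigned. The sample header block, its domains and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the headers quoted above; domains are
# examples and the bh=/b= values are placeholders, not real signature data.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=list.example;\r\n"
    "\ts=sel1; bh=PLACEHOLDER=; h=Message-ID:Date:From:\r\n"
    "\t Subject:List-Id:Sender; b=PLACEHOLDER\r\n"
    "Received: from mta.example.net by mx.list.example; Fri, 22 May 2009\r\n"
    "Authentication-Results: mx.list.example; dkim=pass header.i=@example.com\r\n"
    "Message-ID: <1@example.com>\r\n"
    "Date: Fri, 22 May 2009 10:35:27 -0700\r\n"
    "From: author@example.com\r\n"
    "Subject: test\r\n"
    "List-Id: <list.list.example>\r\n"
    "Sender: list-bounces@list.example\r\n"
)

def parse_headers(raw):
    """Split a header block into [name, value] pairs, unfolding continuations."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += line              # folded continuation line
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip(), value])
    return fields

def dkim_tags(value):
    """Parse a DKIM tag=value list, dropping whitespace inside values."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def unsigned_fields(raw):
    """Names of header fields not covered by h= of the first DKIM-Signature."""
    fields = parse_headers(raw)
    names = [n.lower() for n, _ in fields]
    sig = names.index("dkim-signature")
    covered = {sig}                            # the signature field covers itself
    for wanted in dkim_tags(fields[sig][1])["h"].lower().split(":"):
        # Each h= entry consumes one instance, from the bottom of the block upward.
        for i in reversed(range(len(fields))):
            if i not in covered and names[i] == wanted:
                covered.add(i)
                break
    return [fields[i][0] for i in range(len(fields)) if i not in covered]
```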