[Mailman-Developers] dkim-signature headers

Stephen J. Turnbull stephen at xemacs.org
Fri Feb 2 05:30:40 CET 2007 

Michael Thomas writes:

 > Just to be clear, there are hacks that we do with the length such
 > that mailing lists that insert trailers into mime structured posts
 > still verify. This is done by not signing the trailing -- and/or
 > </body></html>. This works pretty well. Obviously any wholesale
 > conversions like 8->7bit or other suchlike are going to be a
 > problem, but at least from our vantagepoint of being a pretty big
 > company with a lot of mailing list use, it seems to be pretty rare.

You don't work much with Japanese-language messages, obviously.
*Most* of my Japanese mail gets translated in one direction or the
other, and multiple translations are reasonably frequent for mailing
lists.  I suspect that you'll find that in mostly non-ASCII
environments DKIM will have a lot more trouble.

Internationalization is definitely related to header-munging in
Mailman lists.  What apparently happens with I18N is that adjacent
MIME encoded words get coalesced, and in particular linear white space
gets dropped.  Obviously leading spaces may get translated to tabs,
etc, when doing RFC 822 wrapping on the way out.  Also, there is no
canonical way to do MIME encoding; it is perfectly legal to simply
MIME encode the whole header even though there's only one Chinese
character in it, or just that single character.

I would guess that DKIM headers are often fairly long.  IIRC, the
email module does the canonical thing (ie, just dropping the CRLF pair
and leaving other linear white space alone) for wrapped headers.  This
will *probably* give you the identical headers when they're
regenerated, but that's not guaranteed (eg, if there was trailing
whitespace on some physical line in the original).  Anyway, that's
where I'd look first, if I had time to look.

 > > That said, it would be a simple matter to make the removal of these
 > > signature headers a site option (or even a list option, but I think a
 > > site option is more appropriate).

If, as I suspect, I18N makes a difference, I would *definitely* want a
list option.  Most of my lists are English-only, but a few are for
other languages and one is multilingual (sometimes in a single post! :-)

More information about the Mailman-Developers mailing list