[Mailman-Developers] dkim-signature headers

Mark Sapiro msapiro at value.net
Thu Feb 8 03:39:33 CET 2007


Michael Thomas wrote:
>
>On Wed, 7 Feb 2007, Mark Sapiro wrote:
>
>> Mike talks about the l= parameter allowing adding trailing content, but
>> I don't see Y! and Gmail using it, and even if they did, how would we
>> (could we) add a footer without breaking either the signature or the
>> MIME structure of the message?
>
>   l= is the number of canonical bytes added to the body hash.
>   If l=5, for example, anything past the 5th canonical byte will
>   not affect the verification of the signature. That's the reason
>   we get such high verify rates through mailing lists.



My point is that for what I consider good reasons, Mailman will add the
msg_footer to such a message by wrapping additional MIME structure
around the original multipart/alternative message.

I.e., the original

multipart/alternative
    text/plain
    text/html

message will be recast as

multipart/mixed
    multipart/alternative
        text/plain
        text/html
    text/plain

with the final text/plain part containing the footer. Given that the
original content-type header is included in the signature, the
signature is now broken.

If we were to take a different approach with a signature containing l=,
either the l= includes all the text/plain and at least part of the
text/html, in which case we can't add the footer to the text/plain
alternative without breaking the signature, or the l= includes none of
the text/html part in which case the signature is not very good at
verifying the validity of the text/html part. This further assumes we
even know how to add a footer to a text/html part.

See
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.039.htp>
for some discussion of why we do it the way we do.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
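
The following is an added illustration of the two points in this message, not code from Mailman or from the original post. It computes only the DKIM body hash (bh=) under "simple" body canonicalization, not a full signature; the sample message, the fixed boundaries and the helper wrap_with_footer are constructed for the example.

```python
import base64
import hashlib
from email import policy
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

CRLF = policy.compat32.clone(linesep="\r\n")  # serialize with wire line endings

def canon(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty lines."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(body: bytes, l=None) -> str:
    """bh= value: SHA-256 over the first l canonical body bytes (all if None)."""
    return base64.b64encode(hashlib.sha256(canon(body)[:l]).digest()).decode()

def wire_body(msg) -> bytes:
    """Everything after the top-level header block."""
    return msg.as_bytes(policy=CRLF).partition(b"\r\n\r\n")[2]

def original():
    # Constructed sample message; boundaries fixed so the result is reproducible.
    msg = MIMEMultipart("alternative", boundary="inner")
    msg.attach(MIMEText("hello\n", "plain"))
    msg.attach(MIMEText("<p>hello</p>\n", "html"))
    return msg

def wrap_with_footer(msg, footer="-- \nlist footer\n"):
    # Hypothetical stand-in for the multipart/mixed re-wrap described above.
    outer = MIMEMultipart("mixed", boundary="outer")
    outer.attach(msg)
    outer.attach(MIMEText(footer, "plain"))
    return outer

def demo():
    orig = original()
    body = canon(wire_body(orig))
    l = len(body)                      # signer covers the whole original body
    signed_bh = body_hash(body, l)
    wrapped = wrap_with_footer(orig)
    return {
        # Raw bytes appended past l= leave bh= intact ...
        "trailing_ok": body_hash(body + b"-- \r\nlist footer\r\n", l) == signed_bh,
        # ... but the re-wrap changes the signed Content-Type header ...
        "content_type_same": wrapped["Content-Type"] == orig["Content-Type"],
        # ... and puts the outer boundary first, so the first l bytes differ.
        "wrapped_bh_ok": body_hash(wire_body(wrapped), l) == signed_bh,
    }

if __name__ == "__main__":
    print(demo())
```
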


