[Mailman-Developers] Testing different email structures with MUAs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 12 07:49:09 CEST 2013


On 09/11/2013 08:44 PM, Stephen J. Turnbull wrote:
> Abhilash Raj writes:
> 
>  > I have attached all 3 types of message, each in a different file. Please
>  > can you place it in your maildir and check how your MUAs respond to it
>  > and report here? The message signature will not be verified (the
>  > signature text is actually gibberish), this experiment is just to check
>  > how the MUAs handle the message with such a structure.
> 
> I don't understand what you think you will learn from this experiment.
> We're not interested (for your purposes) in what MUAs do with broken
> messages, including those that can't be validated.  Your code simply
> should never emit them.  (OTOH, we are interested in what your code
> will do with broken messages: it should trap them.)

I think Abhilash is modeling what the messages emitted by a re-signing
mailing list might look like.

We've been discussing several options about whether a message should be
re-signed by the mailing list before being sent to the subscribers,
whether the original author's signature should be kept as well, and if
both signatures are present, how they should be attached to the message.

He's created these messages so that people can view them in their
OpenPGP-compatible MUAs and see how the message signatures are displayed
to the user.

> In particular, in most cases the MUA will parse the multipart
> structures and tell you what they've found in one way or another.
> This is true of signed message parts.  It's not unreasonable to
> suppose that some messages will contain additional content after the
> signed part; the MUA needs to determine the boundaries of the part in
> any case.

I'd actually argue that it *is* unreasonable in the current ecosystem to
include some non-signed content after the signed part.  Most
OpenPGP-compliant MUAs that I've seen (thunderbird+enigmail in
particular [0]) cannot clearly indicate to the user which part of a
multipart, partially-signed message was the signed part.

[0] see the thread starting at
https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/2013-March/000721.html

Mailman is perhaps the most common generator of messages like this, such
that icedove+enigmail currently makes the tradeoff to permit what is
effectively a known signature-validation spoofing attack rather than
make people think that mailman is stripping signatures from their messages.

If we could make mailman tuck its footer within a larger signature, that
would be great.

	--dkg
