[Mailman-Users] Preserving S/MIME-Encoded Mail
Grant Taylor
gtaylor at riverviewtech.net
Tue Jan 20 16:33:54 CET 2009
On 01/20/09 03:46, Stephen J. Turnbull wrote:
> This isn't really relevant to Mailman, though. MIME messages are by
> design recursively structured, and MUAs that claim to support S/MIME
> should be able to handle recursive structure. The only
> responsibility Mailman has or should accept is to encapsulate signed
> bodies verbatim so as not to break the signature.
I'll agree with you on Mailman's responsibility. However, in 10+ years
of computer work I can assure you that there is quite a bit of software
out there that /claims/ to do something but falls short of that claim. ;)
> The user should put in an RFE for your MUA if that extra effort
> bothers him. If he hasn't validated the signature himself, he has to
> assume that it is invalid. This is not a task that can be delegated
> to mailing list software.
RFE? I also don't understand how this task (technically) cannot be
delegated to the mailing list software. Though I will concede that the
task is very much likely outside of the scope of the mailing list
software, thus unlikely to happen.
> Please, no. That's an open invitation to phishing. To prevent it
> robustly, Mailman would have to remove signatures that it can't
> validate, otherwise a message could be crafted to look like one that
> was validated by Mailman. But that is clearly the wrong thing to do,
> as the recipient might be able to validate signatures that Mailman
> cannot.
I fail to see how this is an open invitation to phishing. Further, I
fail to see how Mailman (presuming it had access to OpenSSL's tool set)
would not be able to validate standard S/MIME signatures, as S/MIME
signatures are validated all the time by MUAs that have no prior
knowledge of the public key of the sender. Encryption, on the other hand,
requires prior knowledge. Thus I believe that it is possible for a mail
handling program to take any S/MIME signed message and test the signed
message to make sure that it was not altered.
If you are worried about someone spoofing messages that Mailman would
send, that should be simple to solve by having Mailman S/MIME sign its
signatures. In my head this means that you now have verification that
what Mailman sent was 1) not modified and 2) was indeed sent by Mailman.
At least you have assurances that the message was sent by Mailman in
so far as S/MIME can assure. (We can substitute PGP for S/MIME and
still continue the discussion.)
Grant. . . .
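As an added example (not from the thread and not Mailman code), the check Grant describes, done with OpenSSL's tools: the signer's certificate travels inside the multipart/signed message, so an intermediary can detect an altered body without prior knowledge of the key, while deciding whether the signer is trusted still needs a CA list it may not have. The member certificate, the unrelated CA file and the message body are constructed for the demo.

```shell
#!/bin/sh
# Added demo (not Mailman code): uses OpenSSL's tools to check an S/MIME
# signed message the way an intermediary could. The member certificate, the
# unrelated CA and the message body are constructed here for the demo.
set -e
WORK=$(mktemp -d)

# Self-signed certificate standing in for a list member's S/MIME certificate.
make_cert() {  # $1 = common name, $2 = output basename
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.crt" >/dev/null 2>&1
}

# What the member's MUA sends: the body clear-signed into a multipart/signed
# message; the signer's certificate travels inside the signature part.
sign_message() {  # $1 = output file
  printf 'Hello list, this body is signed.\n' > "$WORK/body.txt"
  openssl smime -sign -text -in "$WORK/body.txt" -signer "$WORK/member.crt" \
    -inkey "$WORK/member.key" -out "$1" 2>/dev/null
}

# Stand-in for a relay that edits the signed part in place (footer, rewrap).
tamper() {  # $1 = input, $2 = output
  sed 's/Hello list/Hello LIST/' "$1" > "$2"
}

# Verdict an intermediary could record. "broken": the signature does not
# match the body (checked with the embedded certificate; -noverify skips the
# trust chain). "trusted": it also chains to the given CA file. "unverified":
# intact, but the signer cannot be validated from the CA list at hand.
classify() {  # $1 = message file, $2 = CA file
  if ! openssl smime -verify -noverify -in "$1" -out /dev/null >/dev/null 2>&1; then
    echo broken
  elif openssl smime -verify -CAfile "$2" -in "$1" -out /dev/null >/dev/null 2>&1; then
    echo trusted
  else
    echo unverified
  fi
}

make_cert member@example.invalid member
make_cert unrelated-ca unrelated
sign_message "$WORK/signed.eml"
tamper "$WORK/signed.eml" "$WORK/tampered.eml"
echo "original, signer in CA list:     $(classify "$WORK/signed.eml" "$WORK/member.crt")"
echo "original, signer not in CA list: $(classify "$WORK/signed.eml" "$WORK/unrelated.crt")"
echo "tampered body:                   $(classify "$WORK/tampered.eml" "$WORK/member.crt")"
```

The middle line is the case Stephen raises: the body is provably unaltered, yet the relay cannot vouch for the signer, so the recipient's own validation still matters.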