[Mailman-Users] Preserving S/MIME-Encoded Mail

Grant Taylor gtaylor at riverviewtech.net
Tue Jan 20 16:33:54 CET 2009


On 01/20/09 03:46, Stephen J. Turnbull wrote:
> This isn't really relevant to Mailman, though.  MIME messages are by 
> design recursively structured, and MUAs that claim to support S/MIME 
> should be able to handle recursive structure.  The only 
> responsibility Mailman has or should accept is to encapsulate signed 
> bodies verbatim so as not to break the signature.

I'll agree with you on Mailman's responsibility.  However, in 10+ years 
of computer work I can assure you that there is quite a bit of software 
out there that /claims/ to do something but falls short of that claim.  ;)

> The user should put in an RFE for your MUA if that extra effort 
> bothers him.  If he hasn't validated the signature himself, he has to 
> assume that it is invalid.  This is not a task that can be delegated 
> to mailing list software.

RFE?  I also don't understand how this task (technically) cannot be 
delegated to the mailing list software.  Though I will concede that the 
task is very much likely outside of the scope of the mailing list 
software, thus unlikely to happen.

> Please, no.  That's an open invitation to phishing.  To prevent it 
> robustly, Mailman would have to remove signatures that it can't 
> validate, otherwise a message could be crafted to look like one that 
> was validated by Mailman.  But that is clearly the wrong thing to do, 
> as the recipient might be able to validate signatures that Mailman 
> cannot.

I fail to see how this is an open invitation to phishing.  Further I 
fail to see how Mailman (presuming it had access to OpenSSL's tool set) 
would not be able to validate standard S/MIME signatures.  As S/MIME 
signatures are validated all the time by MUAs that had no prior 
knowledge of the public key of the sender.  Encryption on the other hand 
requires prior knowledge.  Thus I believe that it is possible for a mail 
handling program to take any S/MIME signed message and test the signed 
message to make sure that it was not altered.

If you are worried about someone spoofing messages that Mailman would 
send, that should be simple to solve by having Mailman S/MIME sign its 
signatures.  In my head this means that you now have verification that 
what Mailman sent was 1) not modified and 2) was indeed sent by Mailman.  
At least you have assurances that the message was sent by Mailman 
insofar as S/MIME can assure.  (We can substitute PGP for S/MIME and 
still continue the discussion.)



Grant. . . .
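
The approach discussed in this thread, encapsulating a signed body verbatim so the signature is not broken, shown as an added example that is not part of the original message and is not Mailman's code. The sample message, the boundaries `sig-b` and `list-outer`, and all function names are constructed for illustration; the SHA-256 over the signed part stands in for signature checking, and no cryptography is performed.

```python
import hashlib

# Constructed sample; the signature part is a placeholder, not real PKCS#7 data.
RAW = (b"From: alice@example.org\r\nSubject: hi\r\nMIME-Version: 1.0\r\n"
       b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
       b'\tmicalg=sha-256; boundary="sig-b"\r\n\r\n'
       b"--sig-b\r\nContent-Type: text/plain\r\n\r\nSigned text, trailing space \r\n"
       b"--sig-b\r\nContent-Type: application/pkcs7-signature\r\n\r\nPLACEHOLDER\r\n"
       b"--sig-b--\r\n")

def split_entity(raw):
    """Return (header fields with folding kept byte-for-byte, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    fields = []
    for line in head.split(b"\r\n"):
        if fields and line[:1] in (b" ", b"\t"):
            fields[-1] += b"\r\n" + line      # continuation of a folded header
        else:
            fields.append(line)
    return fields, body

def first_part(body, boundary):
    """Raw bytes (headers and content) of the first part of a multipart body."""
    delim = b"--" + boundary
    start = body.index(delim + b"\r\n") + len(delim) + 2
    return body[start:body.index(b"\r\n" + delim, start)]

def signed_digest(body, boundary=b"sig-b"):
    """SHA-256 of the part the sender signed; a stand-in for signature checking."""
    return hashlib.sha256(first_part(body, boundary)).hexdigest()

def wrap_with_footer(raw, footer, outer=b"list-outer"):
    """Nest the original entity untouched beside a footer in multipart/mixed."""
    fields, body = split_entity(raw)
    content = [f for f in fields if f.lower().startswith(b"content-")]
    other = [f for f in fields if f not in content]
    outer_ct = b'Content-Type: multipart/mixed; boundary="' + outer + b'"'
    return b"".join([
        b"\r\n".join(other + [outer_ct]), b"\r\n\r\n",
        b"--", outer, b"\r\n", b"\r\n".join(content), b"\r\n\r\n", body,
        b"\r\n--", outer, b"\r\nContent-Type: text/plain\r\n\r\n", footer,
        b"\r\n--", outer, b"--\r\n"])

def naive_append(raw, footer, boundary=b"sig-b"):
    """The signature-breaking alternative: footer added inside the signed part."""
    fields, body = split_entity(raw)
    part = first_part(body, boundary)
    return b"\r\n".join(fields) + b"\r\n\r\n" + body.replace(part, part + b"\r\n" + footer, 1)
```

The wrapped form keeps the sender's `multipart/signed` entity intact as the first subpart, so a recipient's MUA must descend one level of MIME nesting to find and check the signature itself.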

