
Re: [Xen-devel] lists.xen.org Mailman configuration and DKIM



Matt Wilson writes ("Re: [Xen-devel] lists.xen.org Mailman configuration and DKIM"):
> On Fri, Aug 03, 2012 at 07:44:30AM -0700, Ian Jackson wrote:
> > That would be better than asking lists.xen.org to start violating the
> > specified protocol.  Now of course a SHOULD is not an absolute
> > requirement.  Perhaps mailing lists are a special case somehow; but if
> > so I would expect this to be addressed in the relevant standards
> > documents.  I don't see any particular reason to think that
> > lists.xen.org is somehow unusual.
> 
> Ultimately I think that Mailman should verify DKIM signatures, provide
> a new signature for the modified message (or have the outbound MTA do
> the signing), and retain the original DKIM signature as a trace. I
> believe that this is in line with the recommendations for intermediary
> email handlers like Mailman in RFC 5863 [4]. Of course, I don't know
> if Gmail will rework their implementation to ignore the invalid
> signature. At least one Mailman user reported success simply adding a
> new signature and not stripping any header [5].

The solution to the broken DKIM implementations, or broken spec, must
not be allowed to become "install more DKIM".  That is making the
problem worse, not better.

> Personally, I think that stripping DKIM headers as a short term
> workaround is less objectionable.

So bottom line is you think that Gmail is violating a SHOULD NOT.
And you are suggesting that the right fix for this is for us to also
violate a SHOULD NOT.  That can't be right.

> If a test of removing DKIM headers to see if it helps with delivery to
> Gmail is off the table, then perhaps configuring Mailman in a way that
> doesn't break DKIM signatures would be an option? Amazon's signed
> headers include date, from, to, cc, subject, message-id and
> mime-version. If the subject manipulation of adding [Xen-devel] was
> removed, the signature would likely still be valid.

I don't think that would be popular and I don't think this is a good
reason to do it.

Personally I think these subject line prefixes are annoying and if it
were my list it wouldn't have had them to start with.  But if you want
us to turn that off I think you need to get consensus for that.

Ian.
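
The point in the quoted text about the [Xen-devel] subject prefix, as an added example that is not part of the original message: a sketch of RFC 6376 "relaxed" header canonicalization that reports which headers in a signature's h= list were changed in transit. The sample message, domain, selector and function names are constructed, relaxed header canonicalization is assumed, and the code compares canonical forms only; it does not verify the signature itself.

```python
import re
from email import message_from_string

def signed_names(raw):
    """Return the header names listed in the h= tag of DKIM-Signature."""
    sig = message_from_string(raw)["DKIM-Signature"]
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    return [n.strip().lower() for n in tags["h"].split(":")]

def relaxed(name, value):
    """'relaxed' header canonicalization (RFC 6376 section 3.4.2)."""
    value = re.sub(r"\r?\n", "", value)            # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse runs of whitespace
    return f"{name.lower()}:{value}\r\n"

def canonical_signed(raw, names):
    # Assumes each signed header occurs at most once; an absent one maps to "".
    msg = message_from_string(raw)
    return {n: relaxed(n, msg[n]) if msg[n] is not None else "" for n in names}

def changed_signed_headers(original, relayed):
    """Signed headers whose canonical form differs after the list relayed it."""
    names = signed_names(original)
    before = canonical_signed(original, names)
    after = canonical_signed(relayed, names)
    return [n for n in names if before[n] != after[n]]

# Constructed sample message; domain, selector and bh=/b= values are placeholders.
ORIGINAL = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\n"
    " s=sel1; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Date: Fri, 03 Aug 2012 10:00:00 -0700\n"
    "From: Sender <sender@example.com>\n"
    "To: list@example.org\n"
    "Subject: Mailman   configuration and DKIM\n"
    "Message-ID: <constructed-1@example.com>\n"
    "MIME-Version: 1.0\n"
    "\n"
    "body\n"
)
# The list prepends its tag to Subject, the manipulation discussed above.
PREFIXED = ORIGINAL.replace("Subject: ", "Subject: [Xen-devel] ")
# A relay that only normalizes whitespace leaves the canonical form intact.
RESPACED = ORIGINAL.replace("Mailman   configuration", "Mailman configuration")

if __name__ == "__main__":
    print(changed_signed_headers(ORIGINAL, PREFIXED))
    print(changed_signed_headers(ORIGINAL, RESPACED))
```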
