51 lines
2.5 KiB
Plaintext
51 lines
2.5 KiB
Plaintext
MBOX-Line: From dave at cridland.net Fri Mar 13 13:32:48 2015
|
|
To: imap-protocol@u.washington.edu
|
|
From: Dave Cridland <dave@cridland.net>
|
|
Date: Fri Jun 8 12:34:54 2018
|
|
Subject: [Imap-protocol] DKIM signatures on this list
|
|
In-Reply-To: <alpine.LSU.2.20.1503131305190.2099@linux-0rhy>
|
|
References: <20150313164848.24608.qmail@ary.lan>
|
|
<alpine.LSU.2.20.1503131305190.2099@linux-0rhy>
|
|
Message-ID: <CAKHUCzxeUeM2YBqCryov4pfEVfZvaHd-KsacMbiURQ+NGWVHvA@mail.gmail.com>
|
|
|
|
On 13 March 2015 at 19:28, Eduardo Chappa <echappa@gmx.com> wrote:
|
|
|
|
> On Fri, 13 Mar 2015, John Levine wrote:
|
|
>
|
|
> Many people imagine that an invalid DKIM signature says something bad
|
|
>> about a message. They are mistaken, no matter how often they repeat that
|
|
>> misconception. There is nothing in DKIM that says anyone should remove
|
|
>> signatures from incoming mail for any reason. If a signature doesn't
|
|
>> validate, the correct thing to do is to ignore it.
|
|
>>
|
|
>
|
|
> The point of a signature is to have a way of verification of the message
|
|
> as sent and received. If "you" received a message from your boss saying "I
|
|
> approve that you spend ten thousand dollars in the company party" and the
|
|
> signature of such message would not validate, that would certainly not be a
|
|
> situation where "you" would say "the correct thing to do is to ignore it."
|
|
> Let me put it this way. There is a purpose in the signature, and if it does
|
|
> not validate, that is serious matter. When it is broken by software (even
|
|
> if the intentions of that software are good) that is not good either. I
|
|
> know IMAP servers can break S/MIME signatures in messages with attachments
|
|
> by adding a trailing CRLF to messages, or some mailing list processors can
|
|
> fold lines and break S/MIME signed messages. Alpine (my MUA) goes to
|
|
> greater lengths to validate signatures than any other MUA that I know of.
|
|
>
|
|
>
|
|
John's point was, as I read it, that given the choices are either that the
|
|
mailing list strips the DKIM signature, or else the MUA ignores an invalid
|
|
DKIM signature (and treats it as unsigned), they are equivalent and it's
|
|
not worth worrying about.
|
|
|
|
That's to say, I didn't read his message as saying you ignore the fact it
|
|
doesn't validate, or that you ignore the message, or any number of other
|
|
obviously wrong things.
|
|
|
|
Just treat is as unsigned, with all that this implies.
|
|
|
|
Dave.
|
|
-------------- next part --------------
|
|
An HTML attachment was scrubbed...
|
|
URL: <http://mailman13.u.washington.edu/pipermail/imap-protocol/attachments/20150313/5e26b43d/attachment.html>
|