Open Source and information security mailing list archives
Message-ID: <CAHk-=wjMMAOSFdr-+ABZoffQ6NsJVB=iiQ97FUrCC6rt7njccA@mail.gmail.com>
Date:   Sun, 28 Oct 2018 18:31:15 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     post@...ffenvogel.de
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: w1: coding style and checkpatch fixes

On Sun, Oct 28, 2018 at 5:30 PM Steffen Vogel <post@...ffenvogel.de> wrote:
>
> For those who are interested. Rspamd, by default, includes the sender
> address into the list of signed headers:

Ugh. That's just broken.

> There is RFC6377 which discusses this problem. One possible solution is
> a mailing list service which understands DKIM and can check/sign the
> messages.

I think that is almost purely historical.

People figured it out. The actual solution was that mailing lists just
don't rewrite headers or bodies, but they do set that "sender" line
(and add various new ones, like "List-ID" etc unsubscribe
information).

And that was exactly so that dkim would just work, without the list
having to then add its own signing that just causes even more
problems.

[ And no, lkml isn't actually great at this - it will mess up
whitespace on headers, so it only works with a relaxed/relaxed dkim
signature.

  But honestly, if you use strict/strict, you're doing something
wrong. It's a bad idea. Smtp was never whitespace-strict ]

> This is actually according to RFC. Listing signed header-fields
> multiple times prohibits them from being modified and resigned by other
> MTAs.

Again, that is mostly historical baggage. I don't think anybody
actually does that.

So yes, you'll find a lot of "what ifs" from ten years ago when people
weren't actually using dkim and mailing lists didn't try to work with
it. Mostly theoretical "this is how it could work".

I've seen some truly horrendous suggestions for mailing lists, like
always rewriting "From" headers etc exactly so that you can then make
a new dkim signature. That would make for a really bad mailing list.

.. and yes, I'm sure such bad mailing lists exist.

                Linus
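
An added example (not part of the original message, and not code from any mailer or list software): the header and body canonicalization rules of RFC 6376, which calls the strict mode "simple", applied to a message whose header a relay has re-folded. The sample messages and all function names are constructed for illustration.

```python
import re

def simple_header(raw: str) -> str:
    """RFC 6376 3.4.1: the header field is hashed exactly as received."""
    return raw

def relaxed_header(raw: str) -> str:
    """RFC 6376 3.4.2: lowercase the name, unfold, collapse whitespace."""
    name, value = raw.split(":", 1)
    value = value.replace("\r\n", "")  # unfold and drop the final CRLF
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return name.strip(" \t").lower() + ":" + value + "\r\n"

def simple_body(body: str) -> str:
    """RFC 6376 3.4.3: only empty lines at the end of the body are ignored."""
    while body.endswith("\r\n"):
        body = body[:-2]
    return body + "\r\n"

def relaxed_body(body: str) -> str:
    """RFC 6376 3.4.4: also ignore trailing and repeated whitespace in lines."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in body.split("\r\n")]
    body = "\r\n".join(lines)
    while body.endswith("\r\n"):
        body = body[:-2]
    return body + "\r\n" if body else ""

def same_signed_bytes(signed, relayed, header_canon, body_canon) -> bool:
    """True if both copies canonicalize to identical input for the DKIM hashes."""
    return (header_canon(signed[0]) == header_canon(relayed[0])
            and body_canon(signed[1]) == body_canon(relayed[1]))

# Constructed sample: (one signed header field, body) as sent, and the same
# message after a relay re-folded the header and left trailing whitespace.
SIGNED = ("Subject: Re: w1: coding style and checkpatch fixes\r\n",
          "Applied, thanks.\r\n")
RELAYED = ("Subject:  Re: w1: coding style\r\n and checkpatch fixes\r\n",
           "Applied, thanks. \r\n\r\n")
# Constructed sample: a relay that changed the content, not just whitespace.
TAMPERED = ("Subject: Re: w1: coding style\r\n", "Applied, thanks.\r\n")

if __name__ == "__main__":
    for label, hc, bc in (("simple/simple", simple_header, simple_body),
                          ("relaxed/relaxed", relaxed_header, relaxed_body)):
        print(label, "whitespace-only change verifies:",
              same_signed_bytes(SIGNED, RELAYED, hc, bc),
              "| content change verifies:",
              same_signed_bytes(SIGNED, TAMPERED, hc, bc))
```

Only the relaxed/relaxed pair treats the re-folded copy as unchanged, and both pairs still reject the copy whose subject text was altered.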
