| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210628144051.GM4058@kvack.org>
Date: Mon, 28 Jun 2021 10:40:51 -0400
From: Benjamin LaHaise <ben@...munityfibre.ca>
To: Jason Gunthorpe <jgg@...pe.ca>
Cc: James Bottomley <James.Bottomley@...senPartnership.com>,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: linux-mm@...ck.org - limping on a backup
On Mon, Jun 28, 2021 at 11:26:59AM -0300, Jason Gunthorpe wrote:
> Isn't a 7-bit conversion what I pointed at last time we talked about
> this?
I changed several options in postfix last time this was raised, but as
nobody ever provided a test case, I had no way of knowing if it worked or
not. Personally, I think DKIM provides very little value considering that
a good chunk of the spam that goes by has valid DKIM signatures, not to
mention that it doesn't help with modern phishing attempts much either.
> DKIM assumes a "modern" mail system, there should not be 7bit
> conversions in the mail pipeline. Anyone sending DKIM needs to be 8
> bit clean.
"Be strict in what you send, and be liberal in what you receive." DKIM
makes assumptions about the mail transport layer that are not true. If
the signatures had been applied on content *after* the quoted printable
conversion, this would never have been an issue. DKIM is a poorly done
spec that ignores decades of that philosophy at the IETF. And even if a
DKIM signature passes, that's still not enough to trust the resulting
email. All it does is ensure that a small subset of valid emails get
dropped on the floor. This doesn't seem like an overall win.
-ben
--
"Thought is the essence of where you are now."
Powered by blists - more mailing lists