lists.openwall.net
Open Source and information security mailing list archives
 
Date:   Tue, 14 Dec 2021 10:00:32 -0500
From:   Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To:     postmaster@...el.com, linux-kernel@...r.kernel.org
Subject: Please switch intel.com DKIM signatures to c=relaxed/simple

Dear Intel Postmaster:

The intel.com domain has recently started DKIM-signing all outgoing mail,
which is great news, as it helps to add a degree of cryptographic attestation
to SMTP-exchanged messages.

Unfortunately, your DKIM c= (canonicalization) setting is currently configured
as simple/simple, which is unnecessarily fragile and will likely result in a
greater degree of quarantined mail, especially for messages traversing a
mailing list service.

To explain, the first "simple" in simple/simple means that the message headers
are signed without any whitespace normalization. If an SMTP-processing gateway
even so much as rewraps a header by adding or deleting newlines (which it is
perfectly allowed to do per RFC), the DKIM signature will stop validating and the
message will likely be quarantined by the recipient's SMTP gateway. This is
happening right now for any intel.com messages sent via vger.kernel.org --
they are marked as spam by services like Gmail.

So, please reconfigure intel.com's DKIM signature setting to use
c=relaxed/simple. It will have the exact same security effect (nobody cares
about whitespace in headers), and it will greatly improve the lives of many
kernel developers at Intel.

Best regards,
-- 
Konstantin Ryabitsev
Director, Core IT Projects
The Linux Foundation
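
Added example, not part of the original message: a minimal Python sketch of the two DKIM header canonicalizations from RFC 6376 (sections 3.4.1 and 3.4.2), applied to one header before and after a relay refolds it. The sample Subject header and the function names are constructed for illustration, and a SHA-256 digest of the canonical bytes stands in for the signed data (no key or signature is involved).

```python
import hashlib
import re

def canon_header_simple(raw: bytes) -> bytes:
    """RFC 6376 3.4.1: the header field is hashed exactly as received."""
    return raw

def canon_header_relaxed(raw: bytes) -> bytes:
    """RFC 6376 3.4.2: lowercase the name, unfold, collapse whitespace."""
    name, _, value = raw.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)  # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)        # runs of WSP become one SP
    value = value.strip(b" \t\r\n")                # trim WSP around the value
    return name.rstrip(b" \t").lower() + b":" + value + b"\r\n"

# Constructed sample: one header as signed by the sender, the same header
# after a gateway refolded it, and a copy whose text was actually changed.
AS_SIGNED = (b"Subject: [PATCH v2 1/3] example: tidy up the foo driver"
             b" probe error handling path\r\n")
AS_RELAYED = (b"Subject: [PATCH v2 1/3] example: tidy up the foo driver\r\n"
              b" probe error handling path\r\n")
AS_ALTERED = AS_SIGNED.replace(b"tidy up", b"rewrite")

def header_digest(canon, raw: bytes) -> str:
    """Digest of the canonical form; stand-in for the data DKIM signs."""
    return hashlib.sha256(canon(raw)).hexdigest()

def still_matches(canon, received: bytes) -> bool:
    """True if the received header canonicalizes to what was signed."""
    return header_digest(canon, AS_SIGNED) == header_digest(canon, received)

if __name__ == "__main__":
    for label, canon in (("simple", canon_header_simple),
                         ("relaxed", canon_header_relaxed)):
        print(f"{label:8s} refolded={still_matches(canon, AS_RELAYED)} "
              f"altered={still_matches(canon, AS_ALTERED)}")
```

Under simple the refolded header no longer matches; under relaxed it does, while the header whose wording changed fails under both.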
