Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <adam@signal11.com>) id 1Z62ja-0005Bd-NH
	for bitcoin-development@lists.sourceforge.net;
	Fri, 19 Jun 2015 20:17:54 +0000
X-ACL-Warn: 
Received: from mail-qc0-f174.google.com ([209.85.216.174])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1Z62jZ-0007EX-9r
	for bitcoin-development@lists.sourceforge.net;
	Fri, 19 Jun 2015 20:17:54 +0000
Received: by qcbcf1 with SMTP id cf1so14364166qcb.0
	for <bitcoin-development@lists.sourceforge.net>;
	Fri, 19 Jun 2015 13:17:47 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.130.193 with SMTP id 184mr25228755qhc.2.1434743276628;
	Fri, 19 Jun 2015 12:47:56 -0700 (PDT)
Received: by 10.96.154.66 with HTTP; Fri, 19 Jun 2015 12:47:56 -0700 (PDT)
In-Reply-To: <CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com>
References: <CAEz79PoDn+-aDkqSfPeQFUjYDEDEhSrJ2mFYcbitHBf4oADBSg@mail.gmail.com>
	<CANEZrP3vut8uYWeeynLdwvSM56eXZZdgidaEgcvg1FNMye6P9w@mail.gmail.com>
	<CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com>
	<CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com>
	<CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com>
Date: Fri, 19 Jun 2015 15:47:56 -0400
Message-ID: <CAFVoEQQF2TLTMpm0DvdXJV-mG3OA6ZU0=vbX1jZdKQ53=xwuOg@mail.gmail.com>
From: Adam Weiss <adam@signal11.com>
To: "Warren Togami Jr." <wtogami@gmail.com>
Content-Type: multipart/alternative; boundary=001a1134f0c85903d30518e433ee
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	1.0 HTML_MESSAGE           BODY: HTML included in message
X-Headers-End: 1Z62jZ-0007EX-9r
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 20:17:54 -0000

--001a1134f0c85903d30518e433ee
Content-Type: text/plain; charset=UTF-8

Hi Warren,

If you set dmarc_moderation_action to "Munge from", the list will detect
when someone posts from a domain that publishes a request for strict
signature checking for all mails originating from it (in DNS) and rewrite
the envelope-from to the list's address.  Reply-to will be added and set to
the original sender.

I think that this is probably a better way to work around the issue (rather
than playing with getting the list to not break the signature) until these
things mature further.

Thoughts?

--adam




On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. <wtogami@gmail.com>
wrote:

> On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
>
>>> The new list currently has footers removed during testing.  I am not
>>> pleased with the need to remove the subject tag and footer to be more
>>> compatible with DKIM users.
>>>
>>
>> Lists can do what are effectively MITM attacks on people's messages in
>> any way they like, if they re-sign for the messages themselves. That seems
>> fair to me!  :)
>>
>
> Mailman isn't re-signing it.  Should it be?  Does other mailing list
> software?
>
>
>>
>>
>>>  I'm guessing DKIM enforcement is not very common because of issues like
>>> this?
>>>
>>
>> DKIM is used by most mail on the internet. DMARC rules that publish in
>> DNS statements like "All mail from bitpay.com is signed correctly so
>> trash any that isn't" are used on some of the world's most heavily phished
>> domains like google.com, PayPal, eBay, and indeed BitPay.
>>
>> These rules are understood and enforced by all major webmail providers
>> including Gmail. It's actually only rusty geek infrastructure that has
>> problems with this, I've never heard of DKIM/DMARC users having issues
>> outside of dealing with mailman. The vast majority of email users who never
>> post to technical mailing lists benefit from it significantly.
>>
>> Really everyone should use them. Adding cryptographic integrity to email
>> is hardly a crazy idea :)
>>
>
> I understand the reason to protect the "heavily phished" domains.  I heard
> that LKML does not modify the subject or add a footer, perhaps because it
> would make it incompatible with DKIM of the several big corporate domains
> who participate.
>
> I suppose it is somewhat acceptable for us to remove subject tags and
> footers if we have no choice...
>
> Warren
>
>

--001a1134f0c85903d30518e433ee--
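
A sketch of the "Munge from" behaviour described in the message above, added here as an illustration; it is not Mailman's code and not part of the thread. The DMARC record is passed in as a string instead of being looked up in DNS, and the function names, addresses, the "via" display-name format and the set of policies treated as strict are assumptions.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample inputs (not taken from the thread).
STRICT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
RELAXED_RECORD = "v=DMARC1; p=none"
SAMPLE_MSG = "From: Alice Example <alice@example.com>\nSubject: hello\n\nbody\n"


def dmarc_policy(txt_record):
    """Return the p= value of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p") if tags.get("v") == "dmarc1" else None


def munge_from(msg, txt_record, list_addr, list_name, strict=("reject",)):
    """Rewrite From: to the list and add Reply-To: when the policy is strict.

    Returns True if the message was rewritten. Which policies count as
    strict is an assumption of this sketch.
    """
    if dmarc_policy(txt_record) not in strict:
        return False
    name, addr = parseaddr(msg["From"])
    del msg["From"]
    # The From: header now carries the list's domain, so the list's own
    # DKIM signature can align with it after the body/subject are modified.
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    if msg["Reply-To"] is None:  # keep an explicit Reply-To if the author set one
        msg["Reply-To"] = formataddr((name, addr))
    return True


def demo(record):
    """Run the munge over the constructed sample message."""
    msg = message_from_string(SAMPLE_MSG)
    changed = munge_from(msg, record, "list@lists.example.org", "Example List")
    return changed, msg["From"], msg["Reply-To"]


if __name__ == "__main__":
    print(demo(STRICT_RECORD))
    print(demo(RELAXED_RECORD))
```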