Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <wtogami@gmail.com>) id 1Z5tgz-0002II-Ox for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 10:38:37 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.52 as permitted sender) client-ip=209.85.220.52; envelope-from=wtogami@gmail.com; helo=mail-pa0-f52.google.com; Received: from mail-pa0-f52.google.com ([209.85.220.52]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z5tgx-0003sz-TO for bitcoin-development@lists.sourceforge.net; Fri, 19 Jun 2015 10:38:37 +0000 Received: by pacyx8 with SMTP id yx8so82925426pac.2 for <bitcoin-development@lists.sourceforge.net>; Fri, 19 Jun 2015 03:38:30 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.68.161.4 with SMTP id xo4mr30662086pbb.65.1434710310275; Fri, 19 Jun 2015 03:38:30 -0700 (PDT) Received: by 10.70.93.72 with HTTP; Fri, 19 Jun 2015 03:38:30 -0700 (PDT) In-Reply-To: <CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com> References: <CAEz79PoDn+-aDkqSfPeQFUjYDEDEhSrJ2mFYcbitHBf4oADBSg@mail.gmail.com> <CANEZrP3vut8uYWeeynLdwvSM56eXZZdgidaEgcvg1FNMye6P9w@mail.gmail.com> <CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com> <CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com> Date: Fri, 19 Jun 2015 00:38:30 -1000 Message-ID: <CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com> From: "Warren Togami Jr." <wtogami@gmail.com> To: Mike Hearn <mike@plan99.net> Content-Type: multipart/alternative; boundary=047d7bdc1b426650b40518dc869a X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (wtogami[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z5tgx-0003sz-TO Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ... X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Fri, 19 Jun 2015 10:38:37 -0000 --047d7bdc1b426650b40518dc869a Content-Type: text/plain; charset=UTF-8 On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote: > The new list currently has footers removed during testing. I am not >> pleased with the need to remove the subject tag and footer to be more >> compatible with DKIM users. >> > > Lists can do what are effectively MITM attacks on people's messages in any > way they like, if they resign for the messages themselves. That seems fair > to me! :) > Mailman isn't resigning it. Should it be? Does other mailing list software? > > >> I'm guessing DKIM enforcement is not very common because of issues like >> this? >> > > DKIM is used by most mail on the internet. DMARC rules that publish in DNS > statements like "All mail from bitpay.com is signed correctly so trash > any that isn't" are used on some of the worlds most heavily phished domains > like google.com, PayPal, eBay, and indeed BitPay. > > These rules are understood and enforced by all major webmail providers > including Gmail. It's actually only rusty geek infrastructure that has > problems with this, I've never heard of DKIM/DMARC users having issues > outside of dealing with mailman. The vast majority of email users who never > post to technical mailing lists benefit from it significantly. > > Really everyone should use them. Adding cryptographic integrity to email > is hardly a crazy idea :) > I understand the reason to protect the "heavily phished" domains. I heard that LKML does not modify the subject or add a footer, perhaps because it would make it incompatible with DKIM of the several big corporate domains who participate. I suppose it is somewhat acceptable for us to remove subject tags and footers if we have no choice... Warren --047d7bdc1b426650b40518dc869a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On F= ri, Jun 19, 2015 at 12:24 AM, Mike Hearn <span dir=3D"ltr"><<a href=3D"m= ailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>></span> wro= te:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-= left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_= extra"><div class=3D"gmail_quote"><span class=3D""><blockquote class=3D"gma= il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-lef= t:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quot= e"><div>The new list currently has footers removed during testing.=C2=A0 I = am not pleased with the need to remove the subject tag and footer to be mor= e compatible with DKIM users.</div></div></div></div></blockquote><div><br>= </div></span><div>Lists can do what are effectively MITM attacks on people&= #39;s messages in any way they like, if they resign for the messages themse= lves. That seems fair to me! =C2=A0:)</div></div></div></div></blockquote><= div><br></div><div>Mailman isn't resigning it.=C2=A0 Should it be?=C2= =A0 Does other mailing list software?=C2=A0</div><div>=C2=A0</div><blockquo= te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so= lid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div clas= s=3D"gmail_quote"><span class=3D""><div>=C2=A0</div><blockquote class=3D"gm= ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le= ft:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quo= te"><span><div>=C2=A0I'm guessing DKIM enforcement is not very common b= ecause of issues like this?</div></span></div></div></div></blockquote><div= ><br></div></span><div>DKIM is used by most mail on the internet. DMARC rul= es that publish in DNS statements like "All mail from <a href=3D"http:= //bitpay.com" target=3D"_blank">bitpay.com</a> is signed correctly so trash= any that isn't" are used on some of the worlds most heavily phish= ed domains like <a href=3D"http://google.com" target=3D"_blank">google.com<= /a>, PayPal, eBay, and indeed BitPay.=C2=A0</div><div><br></div><div>These = rules are understood and enforced by all major webmail providers including = Gmail. It's actually only rusty geek infrastructure that has problems w= ith this, I've never heard of DKIM/DMARC users having issues outside of= dealing with mailman. The vast majority of email users who never post to t= echnical mailing lists benefit from it significantly.</div><div><br></div><= div>Really everyone should use them. Adding cryptographic integrity to emai= l is hardly a crazy idea :)</div></div></div></div></blockquote><div><br></= div><div>I understand the reason to protect the "heavily phished"= domains.=C2=A0 I heard that LKML does not modify the subject or add a foot= er, perhaps because it would make it incompatible with DKIM of the several = big corporate domains who participate.</div><div><br></div><div>I suppose i= t is somewhat acceptable for us to remove subject tags and footers if we ha= ve no choice...</div><div><br></div></div></div><div class=3D"gmail_extra">= Warren</div></div> --047d7bdc1b426650b40518dc869a--