Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <adam@signal11.com>) id 1Z62ja-0005Bd-NH
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 20:17:54 +0000
X-ACL-Warn:
Received: from mail-qc0-f174.google.com ([209.85.216.174])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Z62jZ-0007EX-9r
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 20:17:54 +0000
Received: by qcbcf1 with SMTP id cf1so14364166qcb.0
for <bitcoin-development@lists.sourceforge.net>;
Fri, 19 Jun 2015 13:17:47 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.130.193 with SMTP id 184mr25228755qhc.2.1434743276628;
Fri, 19 Jun 2015 12:47:56 -0700 (PDT)
Received: by 10.96.154.66 with HTTP; Fri, 19 Jun 2015 12:47:56 -0700 (PDT)
In-Reply-To: <CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com>
References: <CAEz79PoDn+-aDkqSfPeQFUjYDEDEhSrJ2mFYcbitHBf4oADBSg@mail.gmail.com>
<CANEZrP3vut8uYWeeynLdwvSM56eXZZdgidaEgcvg1FNMye6P9w@mail.gmail.com>
<CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com>
<CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com>
<CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com>
Date: Fri, 19 Jun 2015 15:47:56 -0400
Message-ID: <CAFVoEQQF2TLTMpm0DvdXJV-mG3OA6ZU0=vbX1jZdKQ53=xwuOg@mail.gmail.com>
From: Adam Weiss <adam@signal11.com>
To: "Warren Togami Jr." <wtogami@gmail.com>
Content-Type: multipart/alternative; boundary=001a1134f0c85903d30518e433ee
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1Z62jZ-0007EX-9r
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 20:17:54 -0000
--001a1134f0c85903d30518e433ee
Content-Type: text/plain; charset=UTF-8

Hi Warren,

If you set dmarc_moderation_action to "Munge from", the list will detect
when someone posts from a domain that publishes a request for strict
signature checking for all mails originating from it (in DNS) and rewrite
the envelope-from to the list's address. Reply-to will be added and set to
the original sender.

I think that this is probably a better way to work around the issue (rather
than playing with getting the list to not break the signature) until these
things mature further.

Thoughts?

--adam

On Fri, Jun 19, 2015 at 6:38 AM, Warren Togami Jr. <wtogami@gmail.com>
wrote:
> On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
>
>>> The new list currently has footers removed during testing. I am not
>>> pleased with the need to remove the subject tag and footer to be more
>>> compatible with DKIM users.
>>>
>>
>> Lists can do what are effectively MITM attacks on people's messages in
>> any way they like, if they re-sign for the messages themselves. That seems
>> fair to me! :)
>>
>
> Mailman isn't re-signing it. Should it be? Does other mailing list
> software?
>
>
>>
>>
>>> I'm guessing DKIM enforcement is not very common because of issues like
>>> this?
>>>
>>
>> DKIM is used by most mail on the internet. DMARC rules that publish in
>> DNS statements like "All mail from bitpay.com is signed correctly so
>> trash any that isn't" are used on some of the world's most heavily phished
>> domains like google.com, PayPal, eBay, and indeed BitPay.
>>
>> These rules are understood and enforced by all major webmail providers
>> including Gmail. It's actually only rusty geek infrastructure that has
>> problems with this, I've never heard of DKIM/DMARC users having issues
>> outside of dealing with mailman. The vast majority of email users who never
>> post to technical mailing lists benefit from it significantly.
>>
>> Really everyone should use them. Adding cryptographic integrity to email
>> is hardly a crazy idea :)
>>
>
> I understand the reason to protect the "heavily phished" domains. I heard
> that LKML does not modify the subject or add a footer, perhaps because it
> would make it incompatible with DKIM of the several big corporate domains
> who participate.
>
> I suppose it is somewhat acceptable for us to remove subject tags and
> footers if we have no choice...
>
> Warren
--001a1134f0c85903d30518e433ee--
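
As an added illustration (not part of the original message and not Mailman's own code): a simplified Python model of the "Munge from" behaviour discussed above, applied to the From: header of a post. The list name and address, the sample domains, and the DNS TXT records are constructed; real DMARC discovery also falls back to the organizational domain, which is omitted here.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed stand-ins for DNS TXT lookups so the example runs offline.
SAMPLE_DMARC_TXT = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.relaxed.example": "v=DMARC1; p=none",
}
LIST_NAME = "dev-list"                  # hypothetical list name
LIST_ADDR = "dev-list@lists.example"    # hypothetical posting address

# Constructed sample posts.
SAMPLE_STRICT = "From: Alice Example <alice@strict.example>\nSubject: hello\n\nbody\n"
SAMPLE_RELAXED = "From: Bob <bob@relaxed.example>\nSubject: hi\n\nbody\n"


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; {} if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def policy_for(domain, lookup=SAMPLE_DMARC_TXT.get):
    """Return the policy (p=) published at _dmarc.<domain>, or 'none'."""
    txt = lookup("_dmarc." + domain.lower())
    return parse_dmarc(txt).get("p", "none").lower() if txt else "none"


def munge_from(raw, strict=("reject",)):
    """Rewrite From: to the list when the author's domain has a strict policy."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if policy_for(addr.rpartition("@")[2]) not in strict:
        return msg                      # no strict policy: leave the post alone
    del msg["From"]
    msg["From"] = formataddr(("%s via %s" % (name or addr, LIST_NAME), LIST_ADDR))
    if "Reply-To" not in msg:           # keep the author reachable for replies
        msg["Reply-To"] = formataddr((name, addr))
    return msg


if __name__ == "__main__":
    for raw in (SAMPLE_STRICT, SAMPLE_RELAXED):
        out = munge_from(raw)
        print(out["From"], "| Reply-To:", out["Reply-To"])
```

After munging, DMARC alignment is evaluated against the list's domain rather than the author's, so a subject tag or footer added by the list no longer causes the author's policy to reject the message.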