1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <wtogami@gmail.com>) id 1Z5tgz-0002II-Ox
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 10:38:37 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.220.52 as permitted sender)
client-ip=209.85.220.52; envelope-from=wtogami@gmail.com;
helo=mail-pa0-f52.google.com;
Received: from mail-pa0-f52.google.com ([209.85.220.52])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Z5tgx-0003sz-TO
for bitcoin-development@lists.sourceforge.net;
Fri, 19 Jun 2015 10:38:37 +0000
Received: by pacyx8 with SMTP id yx8so82925426pac.2
for <bitcoin-development@lists.sourceforge.net>;
Fri, 19 Jun 2015 03:38:30 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.68.161.4 with SMTP id xo4mr30662086pbb.65.1434710310275;
Fri, 19 Jun 2015 03:38:30 -0700 (PDT)
Received: by 10.70.93.72 with HTTP; Fri, 19 Jun 2015 03:38:30 -0700 (PDT)
In-Reply-To: <CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com>
References: <CAEz79PoDn+-aDkqSfPeQFUjYDEDEhSrJ2mFYcbitHBf4oADBSg@mail.gmail.com>
<CANEZrP3vut8uYWeeynLdwvSM56eXZZdgidaEgcvg1FNMye6P9w@mail.gmail.com>
<CAEz79Pr4ug8zyJ5bibCG3m0YD8gkBiXysWJsZDThTiwXsgd7YQ@mail.gmail.com>
<CANEZrP1T3r=VDRBTM_jrm_g0BkQy_NZA40BPcZtVDq_0au6TKw@mail.gmail.com>
Date: Fri, 19 Jun 2015 00:38:30 -1000
Message-ID: <CAEz79PriNzD18Es60=2Nkz5U6G=Ocrm9ezJmK0P1DirdP-vPkw@mail.gmail.com>
From: "Warren Togami Jr." <wtogami@gmail.com>
To: Mike Hearn <mike@plan99.net>
Content-Type: multipart/alternative; boundary=047d7bdc1b426650b40518dc869a
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(wtogami[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Z5tgx-0003sz-TO
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Mailman incompatibility with DKIM ...
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 10:38:37 -0000
--047d7bdc1b426650b40518dc869a
Content-Type: text/plain; charset=UTF-8
On Fri, Jun 19, 2015 at 12:24 AM, Mike Hearn <mike@plan99.net> wrote:
> The new list currently has footers removed during testing. I am not
>> pleased with the need to remove the subject tag and footer to be more
>> compatible with DKIM users.
>>
>
> Lists can do what are effectively MITM attacks on people's messages in any
> way they like, if they resign for the messages themselves. That seems fair
> to me! :)
>
Mailman isn't resigning it. Should it be? Does other mailing list
software?
>
>
>> I'm guessing DKIM enforcement is not very common because of issues like
>> this?
>>
>
> DKIM is used by most mail on the internet. DMARC rules that publish in DNS
> statements like "All mail from bitpay.com is signed correctly so trash
> any that isn't" are used on some of the worlds most heavily phished domains
> like google.com, PayPal, eBay, and indeed BitPay.
>
> These rules are understood and enforced by all major webmail providers
> including Gmail. It's actually only rusty geek infrastructure that has
> problems with this, I've never heard of DKIM/DMARC users having issues
> outside of dealing with mailman. The vast majority of email users who never
> post to technical mailing lists benefit from it significantly.
>
> Really everyone should use them. Adding cryptographic integrity to email
> is hardly a crazy idea :)
>
I understand the reason to protect the "heavily phished" domains. I heard
that LKML does not modify the subject or add a footer, perhaps because it
would make it incompatible with DKIM of the several big corporate domains
who participate.
I suppose it is somewhat acceptable for us to remove subject tags and
footers if we have no choice...
Warren
--047d7bdc1b426650b40518dc869a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On F=
ri, Jun 19, 2015 at 12:24 AM, Mike Hearn <span dir=3D"ltr"><<a href=3D"m=
ailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>></span> wro=
te:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-=
left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_=
extra"><div class=3D"gmail_quote"><span class=3D""><blockquote class=3D"gma=
il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-lef=
t:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quot=
e"><div>The new list currently has footers removed during testing.=C2=A0 I =
am not pleased with the need to remove the subject tag and footer to be mor=
e compatible with DKIM users.</div></div></div></div></blockquote><div><br>=
</div></span><div>Lists can do what are effectively MITM attacks on people&=
#39;s messages in any way they like, if they resign for the messages themse=
lves. That seems fair to me! =C2=A0:)</div></div></div></div></blockquote><=
div><br></div><div>Mailman isn't resigning it.=C2=A0 Should it be?=C2=
=A0 Does other mailing list software?=C2=A0</div><div>=C2=A0</div><blockquo=
te class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc so=
lid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div clas=
s=3D"gmail_quote"><span class=3D""><div>=C2=A0</div><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quo=
te"><span><div>=C2=A0I'm guessing DKIM enforcement is not very common b=
ecause of issues like this?</div></span></div></div></div></blockquote><div=
><br></div></span><div>DKIM is used by most mail on the internet. DMARC rul=
es that publish in DNS statements like "All mail from <a href=3D"http:=
//bitpay.com" target=3D"_blank">bitpay.com</a> is signed correctly so trash=
any that isn't" are used on some of the worlds most heavily phish=
ed domains like <a href=3D"http://google.com" target=3D"_blank">google.com<=
/a>, PayPal, eBay, and indeed BitPay.=C2=A0</div><div><br></div><div>These =
rules are understood and enforced by all major webmail providers including =
Gmail. It's actually only rusty geek infrastructure that has problems w=
ith this, I've never heard of DKIM/DMARC users having issues outside of=
dealing with mailman. The vast majority of email users who never post to t=
echnical mailing lists benefit from it significantly.</div><div><br></div><=
div>Really everyone should use them. Adding cryptographic integrity to emai=
l is hardly a crazy idea :)</div></div></div></div></blockquote><div><br></=
div><div>I understand the reason to protect the "heavily phished"=
domains.=C2=A0 I heard that LKML does not modify the subject or add a foot=
er, perhaps because it would make it incompatible with DKIM of the several =
big corporate domains who participate.</div><div><br></div><div>I suppose i=
t is somewhat acceptable for us to remove subject tags and footers if we ha=
ve no choice...</div><div><br></div></div></div><div class=3D"gmail_extra">=
Warren</div></div>
--047d7bdc1b426650b40518dc869a--
|