Re: Mailman lists (reply-to) break OpenDKIM signatures

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 25 Jan 2013 10:21:26 -0800 (PST)

On Fri, 25 Jan 2013, Benny Pedersen wrote:
> I think there is really, it should be possible to control ADSP for
> maillist to not get ADSP fails back when DKIM is pass for all keys used
> to verify, but since ADSP is not supporting more than one selector it
> can't be resolved

If the author's domain signed the message and that signature is passing,
the ADSP will pass. Is that not what you're seeing? I haven't seen a
sample message like that yet (or I've missed it, which is entirely
possible).

> so even if I used one selector per maillist ADSP will still fail since it's
> not selector aware in the RFC?

Correct. ADSP's algorithm is quite simple: "pass" if and only if there
was a valid signature whose "d=" matched the From: domain.

> can the RFC be enhanced to make this work, without breaking how ADSP
> works?

You'd have to call it something else. But what's wrong with just
validating the list signature?

-MSK
Received on Fri Jan 25 2013 - 18:21:47 PST
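
The ADSP rule stated in the reply above ("pass" if and only if a valid signature's "d=" matches the From: domain), as an added example that is not part of the original message or of OpenDKIM's code. The sample message, its domains and selectors are constructed, and the `verified` set is an assumed stand-in for the output of a real DKIM verifier.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list-relayed message with two DKIM-Signature headers,
# one added by the list and one from the author's domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list1;
 h=from:subject:reply-to; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=Example.COM; s=jan2013;
 h=from:subject; bh=CCCC; b=DDDD
From: Author <author@example.com>
Reply-To: list@lists.example.org
Subject: [list] test

body
"""

def dkim_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def author_domain(msg):
    """Domain of the From: address, lowercased ('' if absent)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def adsp_pass(raw, verified):
    """verified: set of (d, s) pairs a DKIM verifier reported valid (assumed input)."""
    msg = message_from_string(raw)
    domain = author_domain(msg)
    if not domain:
        return False
    for header in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(header)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # The selector only identifies which signature verified;
        # the ADSP comparison looks at d= and the From: domain alone.
        if (d, s) in verified and d == domain:
            return True
    return False
```

With only the list's signature valid the function returns False, which is the case the thread is about: a passing list signature does not change the ADSP result for the author's domain.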
