Mailing List Archive

[Bug 376] Support for DKIM
------- You are receiving this mail because: -------
You are the QA contact for the bug.

http://bugs.exim.org/show_bug.cgi?id=376




--- Comment #2 from Magnus Holmgren <holmgren@lysator.liu.se> 2007-08-09 16:17:42 ---
On Thursday 09 August 2007 15:34, Peter Gervai wrote:
> See also http://dkim-connector.agitos.de/trac/wiki

Are you part of the DKIM Connector team? If so, how do you plan to implement
the Exim module?


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

--- Comment #1 from Peter Gervai <grin@grin.hu> 2007-08-09 14:34:55 ---
See also http://dkim-connector.agitos.de/trac/wiki



--- Comment #3 from Peter Gervai <grin@grin.hu> 2007-08-09 18:13:36 ---
Magnus,

No, I'm not. However, this was the only project (apart from the ages-old mails on
exim-devel) that seemed to plan to do anything about it. As far as I remember
the conclusion was that the function would be very useful and nice, and it
requires large redesign, and people generally seemed to agree that someone
should do it. :-) I occasionally scan the net for any code to see and today
Google spat out this one. They seem to have zero lines of code but the "group"
(whoever he might be) seems flexible enough to listen to Exim's requirements
for the design, and may even contribute to the already done code fragments I
suspect to lie around somewhere...

I'm just an end user regarding this matter, unfortunately, due to severe time
constraints. Just trying to get interested people to meet. :-) [And
shamelessly trying to have working DKIM in Exim :)]



--- Comment #4 from Peter Gervai <grin@grin.hu> 2007-08-09 18:14:59 ---
Btw this bug should possibly be updated about the discussion on the devel list,
and any possible results thereof.



--- Comment #5 from Magnus Holmgren <holmgren@lysator.liu.se> 2007-08-17 19:09:07 ---
I add a copy of some thoughts I sent to both exim-users and exim-dev earlier:

In a message header there can be one Originator Signature and any number of
Third-party Signatures (but in practice never more than one or maybe two).
Third-party signatures are good for two things (*if you trust the signer*, of
course): 1) They can certify that the originator signature (or the previous
signature, or both; I'm not sure) was valid when it got to them: "A
DKIM-aware Mailing List Manager MUST NOT re-sign an improperly signed message
in such a way that would imply that the existing signature is acceptable."
and 2) they can certify that the message was indeed sent by the purported
originator, even if there is no originator signature, e.g. if the identity
has been established through some other means (it doesn't say this in the SSP
I-D, but you can see that it's a workable use case; an example would be the
Exim Bugzilla, which sends out notices on behalf of the person who adds
comments or changes bug fields (the mail-in interface lacks authentication
though, so we should be careful there)).

This means that there *can* be DKIM features that work similarly to the
existing DK features: Exim would need a list of trusted third-party signers;
dkim_sender_domains, dkim_sender_local_parts, and dkim_senders would then
succeed if there is a matching, valid originator signature *or* there is an
originator signature that is signed by a trusted third-party signer.
dkim_status and dkim_policy could also refer to the originator signature.

But users could still want to do things with messages that are simply signed
by certain signers, even if there is no originator signature, so there are
still many things to take into account.


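Added example, not part of the original thread and not Exim code: one reading of the rule sketched in comment #5, where a sender check passes on a valid originator signature or on a valid signature from a trusted third-party signer. The function names, the trusted-signer set and the sample headers are constructed for illustration; cryptographic verification is assumed to have been done already and is passed in as a flag.

```python
from email.utils import parseaddr

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def classify(from_header, sig_value):
    """Return ('originator' | 'third-party', signing domain) for one signature."""
    tags = parse_tags(sig_value)
    domain = tags["d"].lower()
    identity = tags.get("i", "@" + domain).lower()  # i= defaults to "@" + d=
    id_local, _, id_domain = identity.rpartition("@")
    from_local, _, from_domain = parseaddr(from_header)[1].lower().rpartition("@")
    # Originator signature: the signing identity matches the From address.
    # An i= value without a local part matches any local part in that domain.
    matches = id_domain == from_domain and id_local in ("", from_local)
    return ("originator" if matches else "third-party"), domain

def sender_check(from_header, signatures, trusted_signers):
    """signatures: list of (DKIM-Signature value, verified_ok) pairs.

    Assumed reading of the proposal: a valid originator signature passes;
    otherwise a valid signature from a trusted third-party signer passes.
    Signatures that failed verification are ignored entirely.
    """
    vouched_by = None
    for value, verified_ok in signatures:
        if not verified_ok:
            continue
        kind, domain = classify(from_header, value)
        if kind == "originator":
            return True, "originator:" + domain
        if domain in trusted_signers and vouched_by is None:
            vouched_by = domain
    if vouched_by:
        return True, "third-party:" + vouched_by
    return False, "none"

# Constructed sample: the author's signature was broken in transit by a list
# that then added its own valid signature.
FROM = "Alice Example <alice@example.org>"
SIGS = [
    ("v=1; a=rsa-sha256; d=example.org; s=sel1; h=from:subject; bh=...; b=...", False),
    ("v=1; a=rsa-sha256; d=lists.example.net; s=ml; h=from:subject; bh=...; b=...", True),
]
```

With `trusted_signers={"lists.example.net"}` the constructed message passes on the list's signature alone, which is why the contents of that set are the security-critical input.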