Re: [ietf-smtp] broken signatures, was Curious

John Levine <johnl@taugh.com> Wed, 22 July 2020 17:15 UTC


In article <20200722073729.Horde.SIygPSVAVmeieJf3240hN_q@webmail.aegee.org> you write:
>Hello,
>
>> A better (but annoying) reason is there are a smattering of servers which
>> reject messages based on broken DKIM signatures, against the RFC.
>
>This does not have to be against the RFC.

Sections 6.1 and 6.3 of RFC 6376 say that an unverifiable DKIM
signature is treated as though the signature was not present.

-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly