You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/09/01 18:57:09 UTC
[Bug 6189] New: draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
Summary: draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Product: Spamassassin
Version: 3.3.0
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Plugins
AssignedTo: dev@spamassassin.apache.org
ReportedBy: Mark.Martinec@ijs.si
Rats, I just noticed that in May 2009 a change from draft-ietf-dkim-ssp-09
to -10 (and subsequently published as RFC 5617 in August 2009) changed
the definition of author signature (which was based on 'i' signature tag)
and renamed it to 'author domain signature', and made it based on a 'd' tag.
The DKIM plugin still implements the former definition.
I'll prepare a change to comply with RFC 5617 (ADSP).
In practice there shouldn't be much difference (e.g. in whitelisting),
as the 'i' tag (identity) is rarely a subdomain of a 'd' (signing domain)
- typically the domain in identity is exactly the same as the domain in
a 'd' tag (explicitly or by default).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
--- Comment #6 from Mark Martinec <Ma...@ijs.si> 2009-09-10 03:14:36 PST ---
(In reply to comment #5)
> Mail::DKIM 0.37 is out.
Indeed, finally. It is the same as its pre-release 0.36_6,
and only slightly different from 0.36_5 - the change does
not affect us in the DKIM plugin, as we use the ->policy
object directly, not through apply().
Now that the official Mail::DKIM release is out, packagers
won't have an excuse any longer not to upgrade their ports.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Mark.Martinec@ijs.si
--- Comment #4 from Mark Martinec <Ma...@ijs.si> 2009-09-09 12:55:00 PST ---
Bug 6189 - DKIM plugin:
draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature
based on 'd':
- updated ADSP code accordingly;
- changed whitelisting code to be based on SDID ('d')
instead of AUID ('i');
- as a mail message may have multiple authors, it can have
multiple author domain signatures from different domains,
and can have multiple author domain signing practices;
change internal data structures and code accordingly;
Sending lib/Mail/SpamAssassin/Plugin/DKIM.pm
Committed revision 813095 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=813095 ).
> Yes, that's correct. I apologize; I'd assumed that whoever was handling
> the DKIM plugin would be on the ietf-dkim mailing list.
> I'll make a point of alerting the SA community of any other changes,
> though I doubt there will be any.
I am on the ietf-dkim mailing list, but I wasn't paying attention
during times of conferences, holiday and new releases. Luckily it's
not too late for 3.3.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
--- Comment #8 from Mark Martinec <Ma...@ijs.si> 2009-09-10 06:40:37 PST ---
> Mark, isn't this FIXED now? :)
Yes, it is fixed now. I just wanted to let it linger for
a while in case some comments come up.
I may still polish some detail after observing logging
for a couple of days, but it seems it works as intended.
Actually there is one detail still troubling me: namely
a message may have several authors (addresses in a From
header field), and the DKIM plugin's internals now fully
recognizes this fact (e.g. it can fetch a ADSP policy for
each author's domain) - yet the $pms->get('from:addr') call
will only provide the first address from the list, AFICT.
I wonder what would be the right solution, apart from taking
the raw header and doing the parsing one more time.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
--- Comment #2 from Warren Togami <wt...@redhat.com> 2009-09-02 10:24:14 PST ---
What should be our minimum version of Mail::DKIM now?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #9 from Mark Martinec <Ma...@ijs.si> 2009-09-17 10:35:21 PDT ---
I'll close it now. I still don't know how to obtain multiple author addresses
(which is also loosely connected to Bug 6202 and Bug 5201 - accurate parsing
of a From headers would be really nice to have), but it is not a show-stopper
for a 3.3.0 release.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
--- Comment #3 from Mark Martinec <Ma...@ijs.si> 2009-09-02 10:32:53 PST ---
> What should be our minimum version of Mail::DKIM now?
- absolute minimal version of Mail::DKIM is 0.31;
- support for ADSP requires Mail::DKIM 0.34;
- a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM 0.36_5
So, if you are asking about mass-checking runs, it would be
nice to install the latest, which currently is 0.36_5, so that
we can get a sensible score value for the DKIM_ADSP_NXDOMAIN rule:
http://cpan.perl.org/authors/id/J/JA/JASLONG/
Otherwise the 0.31 is fine. Rarely anyone is publishing ADSP records
these days, so 0.34 does not offer much advantage over 0.31.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
J.D. Falk <jd...@returnpath.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jdfalk@returnpath.net
--- Comment #1 from J.D. Falk <jd...@returnpath.net> 2009-09-01 12:28:49 PST ---
(In reply to comment #0)
> Rats, I just noticed that in May 2009 a change from draft-ietf-dkim-ssp-09
> to -10 (and subsequently published as RFC 5617 in August 2009) changed
> the definition of author signature (which was based on 'i' signature tag)
> and renamed it to 'author domain signature', and made it based on a 'd' tag.
Yes, that's correct. I apologize; I'd assumed that whoever was handling the
DKIM plugin would be on the ietf-dkim mailing list.
I'll make a point of alerting the SA community of any other changes, though I
doubt there will be any.
> In practice there shouldn't be much difference (e.g. in whitelisting),
> as the 'i' tag (identity) is rarely a subdomain of a 'd' (signing domain)
> - typically the domain in identity is exactly the same as the domain in
> a 'd' tag (explicitly or by default).
Yep, and there are very few ADSP records published thus far. Hopefully that'll
change soon.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
Warren Togami <wt...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wtogami@redhat.com
--- Comment #5 from Warren Togami <wt...@redhat.com> 2009-09-09 17:43:39 PST ---
Mail::DKIM 0.37 is out.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 6189] draft-ietf-dkim-ssp-10 / RFC-5617 made Author Domain
Signature based on 'd'
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6189
--- Comment #7 from Karsten Bräckelmann <gu...@rudersport.de> 2009-09-10 06:11:49 PST ---
(In reply to comment #4)
> Committed revision 813095 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=813095 ).
Mark, isn't this FIXED now? :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.