Re: DMARC (Was: Re: [alsa-devel@alsa-project.org: [PATCH 3/5] ASoC: mediatek: mt8195-afe-pcm: Simplify runtime PM during probe])
On Wed, May 10, 2023 at 11:05:59AM +0900, Mark Brown wrote:
AFAICT the only other option is munging the From without enclosing the message in a wrapper? That's potentially marginally less harmful but it's still going to break things badly enough that I'm not sure it's a worthwhile improvement.
The readymade mitigations for DMARC in mailman 3 are "munge_from" and "wrap_message". The fact "wrap_message" messes around with signatures in mutt is definitely not a good sign, and "munge_from" will change the author's email and name from the perspective of git-am.
The middle way could be to patch mailman 3 to "munge_from" while adding the correct "From:" as the first thing in the body of the message if it doesn't contain one already. This will make git-am pickup the correct author's details and it should be some simple logic.
If Jaroslav is brave enough to maintain this supposed patch to mailman 3 in case it doesn't get picked-up upstream by the FSF folks...
I understand the maintainers needs must come first but it will be terrible to get the GMail bouncing behaviour again, I don't want to press the point since Jaroslav already made the speech I think it was needed.
Thanks, Geraldo Nascimento
On 10. 05. 23 5:58, Geraldo Nascimento wrote:
On Wed, May 10, 2023 at 11:05:59AM +0900, Mark Brown wrote:
AFAICT the only other option is munging the From without enclosing the message in a wrapper? That's potentially marginally less harmful but it's still going to break things badly enough that I'm not sure it's a worthwhile improvement.
The readymade mitigations for DMARC in mailman 3 are "munge_from" and "wrap_message". The fact "wrap_message" messes around with signatures in mutt is definitely not a good sign, and "munge_from" will change the author's email and name from the perspective of git-am.
The middle way could be to patch mailman 3 to "munge_from" while adding the correct "From:" as the first thing in the body of the message if it doesn't contain one already. This will make git-am pickup the correct author's details and it should be some simple logic.
Unfortunately, changing the message body will break the DKIM message integrity (body hash)...
Jaroslav
On Wed, May 10, 2023 at 08:17:30AM +0200, Jaroslav Kysela wrote:
The middle way could be to patch mailman 3 to "munge_from" while adding the correct "From:" as the first thing in the body of the message if it doesn't contain one already. This will make git-am pickup the correct author's details and it should be some simple logic.
Unfortunately, changing the message body will break the DKIM message integrity (body hash)...
If you change the From: header, the DKIM signature doesn't matter any more, so this will work just fine.
-K
On Wed, May 10, 2023 at 11:13:15AM -0400, Konstantin Ryabitsev wrote:
On Wed, May 10, 2023 at 08:17:30AM +0200, Jaroslav Kysela wrote:
The middle way could be to patch mailman 3 to "munge_from" while adding the correct "From:" as the first thing in the body of the message if it doesn't contain one already. This will make git-am pickup the correct author's details and it should be some simple logic.
Unfortunately, changing the message body will break the DKIM message integrity (body hash)...
If you change the From: header, the DKIM signature doesn't matter any more, so this will work just fine.
Hi Konstantin,
I'm reading RFC 6377 from September 2001, "DKIM and Mailing Lists", and the approach you say would work just fine I think is covered on section 5.7., "Signature Removal Issues".
Regards, Geraldo Nascimento
-K
participants (3)
-
Geraldo Nascimento -
Jaroslav Kysela -
Konstantin Ryabitsev