Debian Bug report logs - #500966
lists.debian.org: should sign outbound mail with DKIM

Package: lists.debian.org; Maintainer for lists.debian.org is Debian Listmaster Team <listmaster@lists.debian.org>;

Reported by: Russell Coker <russell@coker.com.au>

Date: Fri, 3 Oct 2008 01:27:02 UTC

Severity: normal

Tags: wontfix



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 01:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 01:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lists.debian.org: should sign outbound mail with DKIM
Date: Fri, 03 Oct 2008 11:21:23 +1000
Package: lists.debian.org
Severity: normal

To prevent forgeries of mail from the lists.debian.org server I believe
that we should have DKIM installed to sign all outbound mail.  It really
is not difficult to do in Lenny, and it shouldn't be difficult to
back-port the relevant packages to Etch if necessary.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 08:36:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Viehmann <tv@beamnet.de>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 08:36:07 GMT) Full text and rfc822 format available.

Message #10 received at 500966@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: Russell Coker <russell@coker.com.au>, 500966@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#500966: lists.debian.org: should sign outbound mail with DKIM
Date: Fri, 03 Oct 2008 10:32:25 +0200
tag 500966 wontfix
thanks

Hi Russell,

Russell Coker wrote:
> To prevent forgeries of mail from the lists.debian.org server I believe
> that we should have DKIM installed to sign all outbound mail.  It really
> is not difficult to do in Lenny, and it shouldn't be difficult to
> back-port the relevant packages to Etch if necessary.

I don't think it's appropriate to sign relayed mails unless we have
verified some previous signature and even then it's questionable.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/




Tags added: wontfix Request was from Thomas Viehmann <tv@beamnet.de> to control@bugs.debian.org. (Fri, 03 Oct 2008 08:36:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 11:06:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 11:06:06 GMT) Full text and rfc822 format available.

Message #17 received at 500966@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Thomas Viehmann <tv@beamnet.de>
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: lists.debian.org: should sign outbound mail with DKIM
Date: Fri, 3 Oct 2008 21:01:10 +1000
On Friday 03 October 2008 18:32, Thomas Viehmann <tv@beamnet.de> wrote:
> > To prevent forgeries of mail from the lists.debian.org server I believe
> > that we should have DKIM installed to sign all outbound mail.  It really
> > is not difficult to do in Lenny, and it shouldn't be difficult to
> > back-port the relevant packages to Etch if necessary.
>
> I don't think it's appropriate to sign relayed mails unless we have
> verified some previous signature and even then it's questionable.

The signature is not making any statement about the content of the message, 
merely about where it came from.

If a message is signed as coming from a Debian list server then I can know 
whether it was corrupted between the Debian server and my mail server.  Then 
if there is some issue as to the content I can contact the Debian list 
administrators if there is a need to track it back further.

The Gmail servers sign all mail.  Some of that mail is spam, and a lot of the 
non-spam mail is of low quality.  This does not reduce the value of having a 
signature.  Knowing that a message came from a Gmail server without 
corruption is useful, I can then assign a value on the message based on the 
reported sender.

Ideally the Debian list servers would sign outgoing mail and also sign an 
extra header which indicates the signing status of the message when it 
arrived at the Debian server.  The DKIM spec supports signing arbitrary 
headers - including X- headers.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 12:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Viehmann <tv@beamnet.de>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 12:09:04 GMT) Full text and rfc822 format available.

Message #22 received at 500966@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: russell@coker.com.au
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: lists.debian.org: should sign outbound mail with DKIM
Date: Fri, 03 Oct 2008 14:06:50 +0200
Russell Coker wrote:
> On Friday 03 October 2008 18:32, Thomas Viehmann <tv@beamnet.de> wrote:
>>> To prevent forgeries of mail from the lists.debian.org server I believe
>>> that we should have DKIM installed to sign all outbound mail.  It really
>>> is not difficult to do in Lenny, and it shouldn't be difficult to
>>> back-port the relevant packages to Etch if necessary.
>> I don't think it's appropriate to sign relayed mails unless we have
>> verified some previous signature and even then it's questionable.
> 
> The signature is not making any statement about the content of the message, 
> merely about where it came from.
Yeah, and the messages don't originate at lists.debian.org, they are
merely forwarded. The little I read (in the discussion of the l= length
field) seems to indicate that the designers of DKIM agree that
forwarders should not sign messages.
IMO signing arbitrary messages on forward would defeat the purpose of DKIM.
For gmail, mail actually originates with them. That's a fundamental
difference to lists.d.o.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/
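Two technical points in the exchange above lend themselves to a worked check: Russell's note that DKIM can cover arbitrary headers (including an X- header recording the signing status on arrival), and Thomas's reference to the l= body-length tag in the context of forwarders. The script below is an added example, not code from the bug report or from lists.debian.org. It models only the bh= body hash and the h= header list of a DKIM-Signature as defined in RFC 6376 (simple body canonicalization); the RSA signature in b= is left as a placeholder so no key material is needed. The sample body, the list footer, the domain, the selector and the X- header name are all constructed.

```python
import base64
import hashlib
from typing import Dict, List, Optional

# Added example (not code from the bug report or from lists.debian.org). It
# models only the bh= body hash and the h= header list of a DKIM-Signature
# (RFC 6376); the RSA part (b=) is a placeholder, so no key is needed.
# All sample bodies, domains, selectors and the X- header name are constructed.


def canonicalize_body_simple(body: str) -> bytes:
    """RFC 6376 'simple' body canonicalization.

    Line endings become CRLF, all trailing empty lines are removed, and the
    body always ends with exactly one CRLF (an empty body becomes "\\r\\n").
    """
    data = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while data.endswith("\r\n\r\n"):
        data = data[:-2]
    if not data.endswith("\r\n"):
        data += "\r\n"
    return data.encode("utf-8")


def body_hash(body: str, length: Optional[int] = None) -> str:
    """Base64 SHA-256 of the canonical body, truncated to `length` octets when l= is used."""
    canon = canonicalize_body_simple(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def build_signature_header(body: str, signed_hdrs: List[str], use_length: bool) -> str:
    """Construct a DKIM-Signature value for `body`; b= is a placeholder (see above)."""
    canon_len = len(canonicalize_body_simple(body))
    tags = ["v=1", "a=rsa-sha256", "c=simple/simple", "d=example.org", "s=sel1"]
    if use_length:
        tags.append(f"l={canon_len}")  # hash covers only the first canon_len octets
    tags += [f"h={':'.join(signed_hdrs)}", f"bh={body_hash(body)}", "b=PLACEHOLDER"]
    return "; ".join(tags)


def parse_dkim_signature(value: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags: Dict[str, str] = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        key, _, val = part.partition("=")
        tags[key.strip()] = "".join(val.split())
    return tags


def signed_headers(value: str) -> List[str]:
    """Header names covered by the signature (the h= tag), lower-cased."""
    raw = parse_dkim_signature(value).get("h", "")
    return [h.strip().lower() for h in raw.split(":") if h.strip()]


def body_hash_verifies(value: str, received_body: str) -> bool:
    """Recompute bh= over the body as received, honouring l= if present, and compare."""
    tags = parse_dkim_signature(value)
    length = int(tags["l"]) if "l" in tags else None
    return body_hash(received_body, length) == tags.get("bh")


# Constructed sample: what a subscriber posted, and what a list server appends.
ORIGINAL_BODY = "Hello list,\n\nPlease review the attached patch.\n"
LIST_FOOTER = "\n-- \nTo unsubscribe, mail list-request@example.org\n"
# Headers the signer covers; the X- header name is hypothetical.
HEADERS = ["from", "to", "subject", "date", "x-list-original-dkim-status"]


def demo() -> Dict[str, bool]:
    """Show how a list footer affects bh= with and without the l= tag."""
    plain = build_signature_header(ORIGINAL_BODY, HEADERS, use_length=False)
    limited = build_signature_header(ORIGINAL_BODY, HEADERS, use_length=True)
    return {
        "unmodified_without_l": body_hash_verifies(plain, ORIGINAL_BODY),
        "footer_added_without_l": body_hash_verifies(plain, ORIGINAL_BODY + LIST_FOOTER),
        "footer_added_with_l": body_hash_verifies(limited, ORIGINAL_BODY + LIST_FOOTER),
        "status_header_covered": "x-list-original-dkim-status" in signed_headers(plain),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'bh verifies' if ok else 'bh FAILS'}")
```

Running the script shows the trade-off both sides are circling: a signature made by the original sender stops verifying the moment the list appends a footer, unless the sender used l= to fix the hashed length, and l= in turn means the appended tail is outside the signed region, which is why RFC 6376 discourages relying on it. A signature added by the list server itself (the proposal in this bug) covers whatever the server actually sent, including any status header it chose to list in h=, but it attests only to the relay, not to the original author.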




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 13:18:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 13:18:08 GMT) Full text and rfc822 format available.

Message #27 received at 500966@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Thomas Viehmann <tv@beamnet.de>
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: lists.debian.org: should sign outbound mail with DKIM
Date: Fri, 3 Oct 2008 23:14:51 +1000
On Friday 03 October 2008 22:06, Thomas Viehmann <tv@beamnet.de> wrote:
> Yeah, and the messages don't originate at lists.debian.org, they are
> merely forwarded. The little I read (in the discussion of the l= length
> field) seems to indicate that the designers of DKIM agree that
> forwarders should not sign messages.
> IMO signing arbitrary messages on forward would defeat the purpose of DKIM.
> For gmail, mail actually originates with them. That's a fundamental
> difference to lists.d.o.

If you consider that there are only two levels of mail, signed and unsigned, 
then signing mailing list mail would be the wrong thing to do.

If you consider DKIM as a way of authenticating the origin of mail 
independently of its value then signing all mail is the right thing to do.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Fri, 03 Oct 2008 22:27:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Fri, 03 Oct 2008 22:27:07 GMT) Full text and rfc822 format available.

Message #32 received at 500966@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: 500966@bugs.debian.org, 500966-submitter@bugs.debian.org
Subject: why?
Date: Fri, 3 Oct 2008 23:26:11 +0100
Does signing a mail tell me something about the origin that the IP layer
doesn't already tell me much more cheaply?

Granted, not every subscriber runs their own mail server, but enough do
that it's trivial to verify that a given mail with a given hash sum came
from the list servers.

I'm personally not all that impressed with any of the sender
verification schemes - so far they all seem to be set up to allow bulk
senders to pretend they're not just spammers with nicer suits.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]

Message sent on to Russell Coker <russell@coker.com.au>:
Bug#500966. (Fri, 03 Oct 2008 22:27:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Sun, 05 Oct 2008 03:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sun, 05 Oct 2008 03:33:02 GMT) Full text and rfc822 format available.

Message #40 received at 500966@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Stephen Gran <sgran@debian.org>, 500966@bugs.debian.org
Subject: Re: Bug#500966: why?
Date: Sun, 5 Oct 2008 05:28:45 +0200
On Oct 04, Stephen Gran <sgran@debian.org> wrote:

> Does signing a mail tell me something about the origin that the IP layer
> doesn't already tell me much more cheaply?
You are missing the point: maintaining reputation data associated to IP
addresses is not cheap at all nor very reliable, because IP addresses
tend to change and mail to be forwarded.
DK/DKIM (and partially SPF) solve these problems by allowing receivers
to reliably associate reputation data to domains instead of IP addresses.

BTW, this means that there is no point in signing lists.debian.org mail
traffic unless the listmasters are aware of requests for this by large
mail receivers.
Since lists.debian.org is not routinely forged nor it is a phish target
there is also no point in signing it to "prevent forgeries" (nobody
relevant associates negative reputation to a missing DKIM signature).
Since currently these two are the only practical uses of SPF/DK/DKIM I
argue that signing lists.debian.org mail is not needed.

> I'm personally not all that impressed with any of the sender
> verification schemes - so far they all seem to be set up to allow bulk
> senders to pretend they're not just spammers with nicer suits.
There is a huge number of bulk senders which are not spammers. If this
is not clear to you then you should not be allowed close to important
mail servers.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Sun, 05 Oct 2008 11:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sun, 05 Oct 2008 11:09:02 GMT) Full text and rfc822 format available.

Message #45 received at 500966@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: Marco d'Itri <md@Linux.IT>
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: why?
Date: Sun, 5 Oct 2008 12:00:36 +0100
This one time, at band camp, Marco d'Itri said:
> On Oct 04, Stephen Gran <sgran@debian.org> wrote:
> 
> > Does signing a mail tell me something about the origin that the IP layer
> > doesn't already tell me much more cheaply?
> You are missing the point: maintaining reputation data associated to IP
> addresses is not cheap at all nor very reliable, because IP addresses
> tend to change and mail to be forwarded.
> DK/DKIM (and partially SPF) solve these problems by allowing receivers
> to reliably associate reputation data to domains instead of IP addresses.

So, if only the entire internet would change how they handle mail and
participate in $pet_scheme, we could do something about email problems?
I refer you to the FUSSP.

> BTW, this means that there is no point in signing lists.debian.org mail
> traffic unless the listmasters are aware of requests for this by large
> mail receivers.
> Since lists.debian.org is not routinely forged nor is it a phish target
> there is also no point in signing it to "prevent forgeries" (nobody
> relevant associates negative reputation to a missing DKIM signature).
> Since currently these two are the only practical uses of SPF/DK/DKIM I
> argue that signing lists.debian.org mail is not needed.
> 
> > I'm personally not all that impressed with any of the sender
> > verification schemes - so far they all seem to be set up to allow bulk
> > senders to pretend they're not just spammers with nicer suits.
> There is a huge number of bulk senders which are not spammers. If this
> is not clear to you then you should not be allowed close to important
> mail servers.

There are, in my experience, very few bulk senders that don't harbor
spammers.  I know that that's not how they sell themselves, but that
doesn't change reality.  Again, please see the FUSSP for details.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Sun, 05 Oct 2008 11:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sun, 05 Oct 2008 11:12:02 GMT) Full text and rfc822 format available.

Message #50 received at 500966@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Stephen Gran <sgran@debian.org>
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: why?
Date: Sun, 5 Oct 2008 13:06:56 +0200
On Oct 05, Stephen Gran <sgran@debian.org> wrote:

> > You are missing the point: maintaining reputation data associated to IP
> > addresses is not cheap at all nor very reliable, because IP addresses
> > tend to change and mail to be forwarded.
> > DK/DKIM (and partially SPF) solve these problems by allowing receivers
> > to reliably associate reputation data to domains instead of IP addresses.
> So, if only the entire internet would change how they handle mail and
> participate in $pet_scheme, we could do something about email problems?
> I refer you to the FUSSP.
At no time did I argue that everybody needs to adopt DK/DKIM. Actually I
argued that Debian will have no benefits from adopting DK/DKIM.
Most of the relevant entities either are using or are planning to deploy
DK/DKIM (except sadly hotmail, which adopted SPF).

> There are, in my experience, very few bulk senders that don't harbor
> spammers.
This is why your experience is not relevant.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Listmaster Team <listmaster@lists.debian.org>:
Bug#500966; Package lists.debian.org. (Sun, 05 Oct 2008 23:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Listmaster Team <listmaster@lists.debian.org>. (Sun, 05 Oct 2008 23:12:02 GMT) Full text and rfc822 format available.

Message #55 received at 500966@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: Marco d'Itri <md@Linux.IT>
Cc: 500966@bugs.debian.org
Subject: Re: Bug#500966: why?
Date: Mon, 6 Oct 2008 00:09:05 +0100
This one time, at band camp, Marco d'Itri said:
> This is why your experience is not relevant.

It's so cute when you think you're important.  But really, a bug report
isn't all that useful a place to debate the merits of this.  Why don't
you head over to SPAM-L or mailop and let them know how great your FUSSP
is?  I'm sure they would all benefit from your wisdom.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[signature.asc (application/pgp-signature, inline)]



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 05:41:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.