Full Disclosure mailing list archives
Email Security
From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 29 Dec 2005 17:16:36 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo All! Sorry to actually talk about security here, but this has been bugging me for a while. Check out the headers in the email I just got from this list below. Pay particular attentiom to this header that shows gmail signed the original message: DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:conte nt-type:references; b=CQy5RMmQmeDJoDvXBSoE3v/YxxeBPc4IA6LVT/GgWBA2oLOCW3GXWm+u/I4MT2v8LxpcJj3ntc 6F4bOTORFK7BTPZKPL/QzFEydGmzcpN/4MO+myrzc8GgDTCliPpNH0TvhdPunxVMHqSMSHaMkdJq pXnHYohxyCQY/bmx5Mc/I= Now notice this one that shows the signature failed after going through full-disclosure: Authentication-Results: catbert.rellim.com from=zoidenator () gmail com; domainkeys=fail (testing) Is there any way to get the list fixed so that DomainKeys signing is not being corrupted? I know this is non-trivial but if we can't figure it out then no mere mail admin has a chance.... It seems to me that gmail included the sbject in the resultant hash and the [full-disclosure] tag added to the subject changes the hash. Not sure what the proper workaround is, but I think the mailing list is supposed to rehash the whole thing. DomainKeys is not an RFC yet, but it will be soon. We gotta do something about the flood of spam. My spamfilter caught 11k+ spam just last weekend on just my persoanl account.... RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem () rellim com Tel:+1(541)382-8588 Fax: +1(541)382-8676 - ---------- Forwarded message ---------- Return-Path: <full-disclosure-bounces () lists grok org uk> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on catbert.rellim.com X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE autolearn=disabled version=3.1.0 Received: from lists.grok.org.uk (lists.grok.org.uk [195.184.125.51]) by catbert.rellim.com (8.13.5/8.13.5) with ESMTP id jBU10Smm010801 for <gem () rellim com>; Thu, 29 Dec 2005 17:00:29 -0800 Authentication-Results: catbert.rellim.com from=zoidenator () gmail com; domainkeys=fail (testing) Received: from lists.grok.org.uk (localhost [127.0.0.1]) by lists.grok.org.uk (Postfix) with ESMTP id CE3771216; Fri, 30 Dec 2005 01:00:20 +0000 (GMT) X-Original-To: full-disclosure () lists grok org uk Delivered-To: full-disclosure () lists grok org uk Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.196]) by lists.grok.org.uk (Postfix) with ESMTP id 401DA10B1 for <full-disclosure () lists grok org uk>; Fri, 30 Dec 2005 00:59:57 +0000 (GMT) Received: by zproxy.gmail.com with SMTP id 9so1795752nzo for <full-disclosure () lists grok org uk>; Thu, 29 Dec 2005 16:59:56 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:conte nt-type:references; b=CQy5RMmQmeDJoDvXBSoE3v/YxxeBPc4IA6LVT/GgWBA2oLOCW3GXWm+u/I4MT2v8LxpcJj3ntc 6F4bOTORFK7BTPZKPL/QzFEydGmzcpN/4MO+myrzc8GgDTCliPpNH0TvhdPunxVMHqSMSHaMkdJq pXnHYohxyCQY/bmx5Mc/I= Received: by 10.36.145.5 with SMTP id s5mr1037764nzd; Thu, 29 Dec 2005 16:59:56 -0800 (PST) Received: by 10.36.126.1 with HTTP; Thu, 29 Dec 2005 16:59:56 -0800 (PST) Message-ID: <528287c00512291659v6dcf9c96oe287e91de4fcc601 () mail gmail com> Date: Thu, 29 Dec 2005 16:59:56 -0800 From: zap zoid <zoidenator () gmail com> To: Paul Schmehl <pauls () utdallas edu> Subject: Re: [Full-disclosure][WAY OFF TOPIC] complaints about the governemnt spying! In-Reply-To: <19FCE90EEB407BAC88999768@Paul-Schmehls-Computer.local> MIME-Version: 1.0 References: <1135789711.14793.47.camel@shadrack> <1135865083.2592.42.camel@shadrack> <200512291905.jBTJ5NRC021215 () turing-police cc vt edu> <E75E8EE8316F6AAF8E24901D@Paul-Schmehls-Computer.local> <43B441CB.5030803 () csuohio edu> <93747441963ABE231995C0C2@Paul-Schmehls-Computer.local> <43B459FB.4060200 () sdf lonestar org> <cd8f1f1e0512291419p48f7da63o () mail gmail com> <cd8f1f1e0512291421t76289f2t () mail gmail com> <19FCE90EEB407BAC88999768@Paul-Schmehls-Computer.local> Cc: full-disclosure () lists grok org uk X-BeenThere: full-disclosure () lists grok org uk X-Mailman-Version: 2.1.5 Precedence: list List-Id: An unmoderated mailing list for the discussion of security issues <full-disclosure.lists.grok.org.uk> List-Unsubscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request () lists grok org uk?subject=unsubscribe> List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure> List-Post: <mailto:full-disclosure () lists grok org uk> List-Help: <mailto:full-disclosure-request () lists grok org uk?subject=help> List-Subscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request () lists grok org uk?subject=subscribe> Content-Type: multipart/mixed; boundary="===============0004594307==" Sender: full-disclosure-bounces () lists grok org uk Errors-To: full-disclosure-bounces () lists grok org uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDtIp48KZibdeR3qURAk0AAJ9UJMM7nGKRRpOfJatvm4wRak7EewCg8gs7 3/jpr0BxvOLw6agbjzYfebQ= =wcHt -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Email Security Gary E. Miller (Dec 29)
- Re: Email Security Nick FitzGerald (Dec 29)
- Re: Email Security Gary E. Miller (Dec 29)
- Re: Email Security Nick FitzGerald (Dec 29)