Fw: Use of DKIM on at-large mailing list
Hello everyone, sorry for posting this here, but I sent the enquiry to the at-large-owner address but received no reply, so I think this might have gotten lost or ended up in /dev/null.. In short: DKIM/DomainKeys is incorrectly set-up for atlarge-lists.icann.org Warm regards, Olivier -- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html ----- Original Message ----- From: "Olivier MJ Crepin-Leblond" <ocl@gih.com> To: <at-large-owner@atlarge-lists.icann.org> Sent: Wednesday, November 12, 2008 12:04 PM Subject: Use of DKIM on at-large mailing list
Hello there,
I have noticed that you are using DKIM/DomainKeys on the at-large ICANN server. I think that it is great that you are embracing new technology. It is also great that the server supports TLS.
However, it appears that its implementation for domainkeys/DKIM on the mailing list does not work correctly.
At present:
- messages which are DKIM-signed keep their DKIM signature and therefore FAIL when received, because the at-large mailing list adds a footer (how to subscribe/unsubscribe), so the message has been tampered with - messages which are not DKIM-signed become signed by the atlarge-lists.icann.org server. However, there is no entry for default._domainkey.atlarge-lists.icann.org key in the DNS.
What should really happen:
- the atlarge-lists.icann.org server should recognise when a domainkey is active & replace the incoming domainkey with its own domainkey if positive. - atlarge-lists.icann.org should have an entry in the ICANN DNS for its key under: default._domainkey.atlarge-lists.icann.org
If you have any questions, don't hesitate to ask.
Warm regards,
Olivier
-- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html
Thanks Olivier we will look into this, we¹re just under-manned at the moment and so non-essential tasks are getting deferred. On 19/11/2008 11:32, "Olivier MJ Crepin-Leblond" <ocl@gih.com> wrote:
Hello everyone,
sorry for posting this here, but I sent the enquiry to the at-large-owner address but received no reply, so I think this might have gotten lost or ended up in /dev/null.. In short: DKIM/DomainKeys is incorrectly set-up for atlarge-lists.icann.org
Warm regards,
Olivier
-- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html
----- Original Message ----- From: "Olivier MJ Crepin-Leblond" <ocl@gih.com> To: <at-large-owner@atlarge-lists.icann.org> Sent: Wednesday, November 12, 2008 12:04 PM Subject: Use of DKIM on at-large mailing list
Hello there,
I have noticed that you are using DKIM/DomainKeys on the at-large ICANN server. I think that it is great that you are embracing new technology. It is also great that the server supports TLS.
However, it appears that its implementation for domainkeys/DKIM on the mailing list does not work correctly.
At present:
- messages which are DKIM-signed keep their DKIM signature and therefore FAIL when received, because the at-large mailing list adds a footer (how to subscribe/unsubscribe), so the message has been tampered with - messages which are not DKIM-signed become signed by the atlarge-lists.icann.org server. However, there is no entry for default._domainkey.atlarge-lists.icann.org key in the DNS.
What should really happen:
- the atlarge-lists.icann.org server should recognise when a domainkey is active & replace the incoming domainkey with its own domainkey if positive. - atlarge-lists.icann.org should have an entry in the ICANN DNS for its key under: default._domainkey.atlarge-lists.icann.org
If you have any questions, don't hesitate to ask.
Warm regards,
Olivier
-- Olivier MJ Crepin-Leblond, Ph.D Global Information Highway Ltd http://www.gih.com/ocl.html
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann... rg
At-Large Official Site: http://atlarge.icann.org
-- Regards, Nick Ashton-Hart Director for At-Large Internet Corporation for Assigned Names and Numbers (ICANN) Main Tel: +33 (450) 40 46 88 USA DD: +1 (310) 578-8637 Fax: +41 (22) 594-85-44 Mobile: +41 (79) 595 54-68 email: nick.ashton-hart@icann.org Win IM: ashtonhart@hotmail.com / AIM/iSight: nashtonhart@mac.com / Skype: nashtonhart Online Bio: https://www.linkedin.com/in/ashtonhart
participants (2)
-
Nick Ashton-Hart -
Olivier MJ Crepin-Leblond