[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11139 [BridgeDB]: BridgeDB's email whitelist should include @riseup.net



#11139: BridgeDB's email whitelist should include @riseup.net
--------------------------+-------------------------------------------
     Reporter:  isis      |      Owner:  isis
         Type:  defect    |     Status:  closed
     Priority:  normal    |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:  fixed     |   Keywords:  bridgedb-email,bridgedb-0.2.3
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+-------------------------------------------

Comment (by isis):

 I talked to micah on IRC, and they pointed out
 [http://dkim.org/specs/rfc4871-dkimbase.html#canonicalization this section
 of RFC4871], which specifies what 'relaxed' header verification mode means
 for DKIM. The way Riseup currently has DKIM set up is with 'relaxed'
 header mode, and 'simple' body mode, meaning that the headers of an email
 can be modified in transit in a few non-intrusive ways (i.e. header names
 can be converted to lowercase), and the body is ''not'' permitted to
 change.

 This seems safe to me, as BridgeDB ignores pretty much all headers,
 including the `Subject:` header. What we mostly care about is that the
 user's commands in the body of the email haven't been altered in transit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11139#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs