[tor-bugs] #11139 [BridgeDB]: BridgeDB's email whitelist should include @riseup.net
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 1 01:54:17 UTC 2014
#11139: BridgeDB's email whitelist should include @riseup.net
--------------------------+-------------------------------------------
Reporter: isis | Owner: isis
Type: defect | Status: closed
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: fixed | Keywords: bridgedb-email,bridgedb-0.2.3
Actual Points: | Parent ID:
Points: |
--------------------------+-------------------------------------------
Comment (by isis):
I talked to micah on IRC, and they pointed out
[http://dkim.org/specs/rfc4871-dkimbase.html#canonicalization this section
of RFC4871], which specifies what 'relaxed' header verification mode means
for DKIM. The way Riseup currently has DKIM set up is with 'relaxed'
header mode, and 'simple' body mode, meaning that the headers of an email
can be modified in transit in a few non-intrusive ways (i.e. header names
can be converted to lowercase), and the body is ''not'' permitted to
change.
This seems safe to me, as BridgeDB ignores pretty much all headers,
including the `Subject:` header. What we mostly care about is that the
user's commands in the body of the email haven't been altered in transit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11139#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list