Re: [exim-dev] [Exim-maintainers] Exim 4.70

Author: Simon Arlott
Date:  
To: exim-dev
CC: exim-maintainers
Subject: Re: [exim-dev] [Exim-maintainers] Exim 4.70
On 13/10/09 19:53, Tom Kistner wrote:
>> Aren't there other bugs that should be fixed in a 4.70 release?
>>
>> http://bugs.exim.org/show_bug.cgi?id=894
>> http://bugs.exim.org/show_bug.cgi?id=890 <-- this one is in DKIM
>
> Fixed the latter.


Ok. The other one looked like it would prompt a release itself...

>> Also, where is the proof that the DKIM code is correct?
>
> Try it! As with most code, it is a matter of trust. Constructing proof
> in a mathematic sense would start at the underlying crypto
> implementation. Would take ages to complete. Don't feel like it.


I don't mean some sort of formal proof, but there aren't even tests
that it handles all the specifics of DKIM as expected.

There was a TODO entry somewhere indicating that it should be tested
against other implementations... I can't remember where.

>> Both DK and PDKIM are complex. There may be differences in
>> implementations for some cases (both From and Sender present, etc.).
>
> The code needs some real-world exposure. That's why we're doing this
> exercise!


Surely an exim release is not a test exercise? The DKIM code may get
used widely before some bug is noticed.

>> When a signed email fails to validate, is it the fault of the sender
>> or recipient's DKIM processing?
>
> It is possible to find that out. I've done compat testing against the
> public responders of other implementations, and it seems to work. Of
> course, results can vary given different mail bodies, of which there are
> infinite.


Public responders aren't much use when they stop working, or are
disabled due to spam/abuse. Test messages which purposefully try to
break the implementation with odd whitespace and headers would be
useful.

>> Invalid signatures and any verification bugs will cause problems
>> for both sender and recipient that may go undetected.
>
> That is why the implementation only logs an informative message for each
> signature found. It is up to the user (admin) to construct a policy.


Which may be based on invalid verification logic. Exim has previously
decided an automated email sent by Yahoo groups has a bad signature.

DomainKeys-Domain: yahoogroups.com (testing=0 signsall=0 source=sender)
DomainKeys-Status: bad (FreecycleEdinburgh@???)

It may actually be bad, but there are no objective tests for "this
should work" and "this is wrong, it should fail".

--
Simon Arlott
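The thread asks for objective test messages that "purposefully try to break the implementation with odd whitespace and headers". The following is an added example, not Exim or PDKIM code and not from any participant in this thread: a small implementation of RFC 6376 relaxed header and body canonicalization (sections 3.4.2 and 3.4.4), the bottom-up header selection of section 5.4.2, and the section 3.7 header-hash input, run over constructed messages. The messages, header values, selector `sel`, domain `example.com` and the placeholder `b=AAAA` are all made up for the example; the point is that a folded Subject, tabs, trailing whitespace and trailing blank lines must canonicalize to exactly the same bytes as the clean message (a "this should work" case), while a real change to the body must change the body hash (a "this should fail" case). The tag parsing is deliberately minimal and assumes a well-formed DKIM-Signature value with CRLF line endings.

```python
"""RFC 6376 relaxed canonicalization with constructed whitespace test vectors.
Added example; not Exim/PDKIM code. Inputs are assumed to use CRLF."""
import base64
import hashlib
import re

WSP = " \t"
CRLF = "\r\n"


def canon_header_relaxed(name: str, value: str) -> str:
    """RFC 6376 s3.4.2: lowercase the name, unfold, collapse WSP runs to one
    SP, strip WSP around the colon and at the end of the value."""
    value = value.replace(CRLF, "").replace("\n", "")   # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(WSP)
    return f"{name.strip(WSP).lower()}:{value}{CRLF}"


def canon_body_relaxed(body: str) -> str:
    """RFC 6376 s3.4.4: drop trailing WSP on each line, collapse WSP runs,
    remove trailing empty lines; a non-empty body always ends with CRLF and an
    empty body canonicalizes to the empty string."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(WSP) for ln in body.split(CRLF)]
    while lines and lines[-1] == "":
        lines.pop()
    return CRLF.join(lines) + CRLF if lines else ""


def body_hash(body: str) -> str:
    """bh= value for a=rsa-sha256 over the relaxed-canonicalized body."""
    digest = hashlib.sha256(canon_body_relaxed(body).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def select_headers(headers, h_tags):
    """RFC 6376 s5.4.2: for each name in h=, take the physically last instance
    not already consumed (bottom-up). A name with no instance left contributes
    nothing, which is how listing a name extra times blocks later additions."""
    remaining = list(headers)            # (name, value) pairs in message order
    selected = []
    for want in h_tags:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == want.lower():
                selected.append(remaining.pop(i))
                break
    return selected


def header_hash_input(headers, sig_value: str) -> str:
    """RFC 6376 s3.7: canonicalized signed headers in h= order, then the
    DKIM-Signature header itself with the b= value emptied and no trailing
    CRLF. This is the data the RSA signature in b= is computed over."""
    h_tags = re.sub(r"\s", "", re.search(r"\bh=([^;]*)", sig_value).group(1)).split(":")
    data = "".join(canon_header_relaxed(n, v) for n, v in select_headers(headers, h_tags))
    stripped = re.sub(r"\bb=[^;]*", "b=", sig_value)   # b= is base64, never contains ';'
    return data + canon_header_relaxed("DKIM-Signature", stripped).rstrip(CRLF)


def body_hash_matches(body: str, sig_value: str) -> bool:
    """Verifier step: recompute bh= over the received body and compare."""
    bh = re.search(r"\bbh=([^;]*)", sig_value).group(1).strip()
    return body_hash(body) == bh


# Constructed test vectors (not real mail). CLEAN and ODD are the same logical
# message; ODD adds a folded Subject, tabs, trailing WSP and trailing blank
# lines. CHANGED alters the body text and must fail the bh= check.
CLEAN_HEADERS = [("From", "alice@example.com"), ("To", "bob@example.org"),
                 ("Subject", "Test message")]
CLEAN_BODY = "Hello Bob,\r\nthis is a test.\r\n"
ODD_HEADERS = [("FROM", "\talice@example.com  "), ("to", " bob@example.org"),
               ("Subject", "Test\r\n\t message ")]
ODD_BODY = "Hello   Bob, \t\r\nthis is\ta test.\r\n\r\n\r\n"
CHANGED_BODY = "Hello Bob,\r\nthis is a test!\r\n"

# Hypothetical signature header value; b=AAAA is a placeholder, not a real signature.
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel;"
       " h=from:to:subject; bh=" + body_hash(CLEAN_BODY) + "; b=AAAA")

if __name__ == "__main__":
    for label, hdrs, body in (("clean", CLEAN_HEADERS, CLEAN_BODY),
                              ("odd", ODD_HEADERS, ODD_BODY),
                              ("changed", CLEAN_HEADERS, CHANGED_BODY)):
        print(f"{label:8s} bh ok: {body_hash_matches(body, SIG)!s:5s} "
              f"header input: {header_hash_input(hdrs, SIG)[:60]!r}")
```

Running it shows `clean` and `odd` producing byte-identical header-hash input and a matching bh=, and `changed` failing the bh= check. Each constructed pair is an objective test in the sense the thread asks for: a verifier that disagrees with these canonical forms on folded headers, tab runs or trailing blank lines is wrong regardless of which sender it is talking to, and the vectors keep working after a public responder goes away. Simple canonicalization (`c=simple/simple`) is stricter and is not implemented here.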