Re: [GIT PULL] arm64 updates 6.15-rc1

From: Stephen Rothwell
Date: Wed Mar 26 2025 - 18:45:19 EST

Next message: David Laight: "Re: [PATCH] x86: handle the tail in rep_movs_alternative() with an overlapping store"
Previous message: Randy Dunlap: "Re: linux-next: Tree for Mar 26 (objtool: iommu)"
In reply to: Steven Rostedt: "Re: [GIT PULL] arm64 updates 6.15-rc1"
Next in thread: Steven Rostedt: "Re: [GIT PULL] arm64 updates 6.15-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Linus,

On Wed, 26 Mar 2025 10:25:22 -0700 Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, 26 Mar 2025 at 10:11, Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> >
> > So it definitely goes through kernel.org.
> >
> > But it has no DKIM headers.
>
> Funky.
>
> There's definitely something strange going on, because your *previous*
> email to me did have the DKIM signature:
>
> Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF624C4CEE2...
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;[..]
> [...]
> Date: Wed, 26 Mar 2025 12:40:25 -0400
> Subject: Re: [GIT PULL] arm64 updates 6.15-rc1
> Message-ID: <20250326124025.1966bf8a@xxxxxxxxxxxxxxxxxx>
>
> and gmail was explicitly happy with it:
>
> ARC-Authentication-Results: i=1; mx.google.com;
> dkim=pass [...]
>
> but then this later one didn't:
>
> Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4CDA5C4CEE2...
> [...]
> Date: Wed, 26 Mar 2025 13:12:00 -0400
> Message-ID: <20250326131200.1c86c657@xxxxxxxxxxxxxxxxxx>
>
> and for some reason gmail also didn't actually react to the lack of
> DKIM on that second one and only talks about how spf was fine.
>
> Konstantin? Can you tell what's going on?

My understanding is this:

for normal SPF checks (i.e. not DMARC's SPF checks) the test is done on
the envelope sender and in Steve's case, goodmis.org DNS SPF record
says that anything from goodmis.org can come from the kernel.org
servers. DMARC applies the SPF check to the From: header address.

for DKIM checks, the test is against the From: header address. The
kernel.org servers can only sign emails that have a From header using a
kernel.org email address (or any other domain they have access to the
private DKIM keys for). So they cannot sign emails that have a From:
header using a goodmis.org email address (presumably).

Presumably the SPF check passing is sufficient for the GMail servers.

DMARC requires that its SPF check or its DKIM check to pass. (But
goodmis.org has no DMARC DNS record, while kernel.org does)
--
Cheers,
Stephen Rothwell

Attachment: pgpQYDusIAzC6.pgp
Description: OpenPGP digital signature

Next message: David Laight: "Re: [PATCH] x86: handle the tail in rep_movs_alternative() with an overlapping store"
Previous message: Randy Dunlap: "Re: linux-next: Tree for Mar 26 (objtool: iommu)"
In reply to: Steven Rostedt: "Re: [GIT PULL] arm64 updates 6.15-rc1"
Next in thread: Steven Rostedt: "Re: [GIT PULL] arm64 updates 6.15-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]