ietf-dkim

Re: [ietf-dkim] Possible problem with "simple" body canonicalization -- trailing CRLFs

2006-07-19 18:26:18
Your information is out of date. RFC 1830 was superseded by RFC 3030 in
December 2000.

Oops.

Well, one thing I do worry about is the assumption some folks keep making that
the transport infrastructure doesn't, or isn't supposed to, mess around with
message content. Like it or not, operations like encoding downgrading (or
upgrading) are an explicit part of the email architecture and have been ever
since MIME came out. ...

I think we're in violent agreement here. Every time a message passes through a relay, the relay modifies it somehow. Ideally, the message would be DKIM signed by the sending domain's outgoing mail relay and the signature checked by the recipient's MX. But since that's not always going to be possible, a design goal of DK and I hope DKIM is for signatures to survive typical relay behavior insofar as is practical.

To me this means that for stuff that is common, straightforward, and well understood, e.g., adding new headers, reordering some existing headers, and adding blank lines at the end, we have provisions to deal with that. For anything more complicated, forget it. It's clear to me that for messages that don't end with CR LF (which is impossible in normal SMTP anyway) or that have bare CR or LF, the behavior of relay MTAs is varied and hard to predict, so the only useful advice we can give to people who want their signatures to work is Don't Do That.

If you want your signatures to work, be sure the message you're signing is as squeaky clean 2822 compliant as possible so as to give relay MTAs as little incentive as possible to make helpful modifications. I realize that we have existing software and we can't always upgrade it, but if we want something that's designed to be resilient in the face of every known hostile MTA, we already have S/MIME and this is not it. The existing simple canonicalization covers a large and useful set of relay MTA behavior, so I think we should declare victory and stop.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
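
An added example, not part of the message above or of the DKIM draft text: the "simple" body canonicalization as later published in RFC 6376 section 3.4.3, run over constructed bodies to show which relay changes the body hash survives and why a bare LF in the signed body is fragile. Function names and sample bodies are hypothetical.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"
# A CR not followed by LF, or an LF not preceded by CR.
BARE_CR_OR_LF = re.compile(rb"\r(?!\n)|(?<!\r)\n")

def simple_body(body: bytes) -> bytes:
    """Drop every empty line at the end of the body, then end it with one CRLF.
    An empty body, or one with no final CRLF, therefore gains a CRLF."""
    while body.endswith(CRLF):
        body = body[:-len(CRLF)]
    return body + CRLF

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, the form carried in bh=."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()

def has_bare_cr_or_lf(body: bytes) -> bool:
    """Pre-signing check: True if any CR or LF is not part of a CRLF pair."""
    return BARE_CR_OR_LF.search(body) is not None

def relay_survival(signed: bytes, variants: dict) -> dict:
    """Map each relayed variant's name to whether its body hash still matches."""
    expected = body_hash(signed)
    return {name: body_hash(v) == expected for name, v in variants.items()}

# Constructed sample bodies (not taken from the thread).
SIGNED = b"Hello,\r\n\r\nSee you Friday.\r\n"
VARIANTS = {
    "unchanged": SIGNED,
    "blank lines appended": SIGNED + CRLF * 3,
    "final CRLF missing": SIGNED[:-2],
    "trailing space added": b"Hello, \r\n\r\nSee you Friday.\r\n",
}
# A body signed with a bare LF, and the same body after a relay normalizes it.
DIRTY = b"Hello,\nSee you Friday.\r\n"
DIRTY_FIXED = BARE_CR_OR_LF.sub(CRLF, DIRTY)

if __name__ == "__main__":
    for name, ok in relay_survival(SIGNED, VARIANTS).items():
        print(f"{name:22} {'verifies' if ok else 'FAILS'}")
    print("bare LF in signed body:", has_bare_cr_or_lf(DIRTY))
    print("survives normalization:", body_hash(DIRTY) == body_hash(DIRTY_FIXED))
```

Running `has_bare_cr_or_lf` on the outgoing body before signing flags the messages whose signatures depend on how a downstream relay treats line endings.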