ietf-822

Re: checksums

1991-10-30 18:52:35
I will back off from insisting on a more flexible and general solution to the
checksum "requirement".  However, I do have three comments about adding a
checksum solution:

I'd rather drop checksums completely than have a half-assed one embedded in
one of the encodings, especially when other encodings share the need.

1.  The checksum must be based on a canonical form of the data.  One
    candidate canonical form is the base64 encoding.  In other words, it
    would be very bad to base the checksum on the underlying binary (or
    local) representation.  See RFC 1113 for the rationale.

You bet. I have already examined and detailed how to do this for each of the
encodings in the RFC. And yes, I stole most of it from RFC 1113.

2.  A gateway must NOT touch the checksum.  The checksum must be an end to
    end service.  Although a gateway may manipulate a message in order to
    pass it from one environment to another, it must not manipulate it in
    such a way that the recipient can not recover the version upon which the
    checksum is based.  This is simply a special case of basing the checksum
    on a canonical form.

This is an impossible requirement to meet. Example -- I have a gateway that
turns a particularly unpleasant and unique word processing format into
plain ASCII. The format is proprietary -- there is no possible way to
read it on the recipient system. The choices are convert or drop it on the
floor. Users will not accept data loss that you get from dropping it on the
floor. This means that the gateway must convert this material. And this
conversion will change the checksum. There's no way to avoid it.

If it boils down to my gateway being incompliant on a point like this versus
broken from the user's view, I'll take incompliant any day of the week, as
will all my users. I would be lynched if I went any other way on this.

The example I have described is a typical sort of gateway function. Gateways do
this sort of thing all the time. X.400 provides a framework (totally
inadequate, but it is there) for doing this sort of thing. I don't see any
need to build an X.400-like framework for this (largely because X.400 addresses
the wrong issues in the wrong ways for us) but I note in passing that need
for the mechanism is not going to go away.

Now, saying that a gateway must validate and regenerate the checksum is
fine, and I would definitely insist on that. Saying that an MTA (not a
gateway) should not meddle in the document is also fine, and I'd insist on that
too. But your statement is unenforceable and useless on the gateways we have
now, never mind the gateways of the future.

3.  If the checksum is present, it must be mandatory for a recipient to
    verify it and alert the user to a discrepancy.  Otherwise what is the
    point in having it.

I'm in total agreement on this.

                                        Ned
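The three points above (checksum over a canonical form, MTAs leaving the checksum alone while gateways validate and regenerate it, and recipients verifying it) illustrated in Python. This is an added example and not code from the ietf-822 thread or any RFC; SHA-256 stands in for whatever checksum algorithm a spec would pick, "CRLF line endings, then base64" is assumed as the canonical form, and the proprietary-format converter is a constructed stand-in for the gateway case Ned describes.

```python
import base64
import hashlib
import hmac

# Added illustration, not code from the ietf-822 thread. Assumptions: SHA-256
# stands in for whatever checksum algorithm the spec would choose, and the
# canonical form is "CRLF line endings, then base64", following point 1 above.


def canonicalize(text: str) -> bytes:
    """Map any local line-ending convention (LF, CR or CRLF) onto CRLF."""
    unified = text.replace("\r\n", "\n").replace("\r", "\n")
    return unified.replace("\n", "\r\n").encode("utf-8")


def canonical_base64(text: str) -> bytes:
    """The form the checksum is computed over: base64 of the canonical bytes."""
    return base64.b64encode(canonicalize(text))


def checksum_canonical(text: str) -> str:
    """Checksum over the canonical form; stable across local representations."""
    return hashlib.sha256(canonical_base64(text)).hexdigest()


def checksum_local(text: str) -> str:
    """The approach point 1 warns against: checksum over the local bytes as-is."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def recipient_verify(text: str, claimed: str) -> bool:
    """Point 3: the recipient recomputes and compares; the caller alerts on False."""
    return hmac.compare_digest(checksum_canonical(text), claimed)


def mta_relay(text: str, claimed: str) -> tuple[str, str]:
    """An MTA may re-express line endings for the next hop, but it must not
    touch the checksum; because the checksum is over the canonical form, the
    recipient can still recover the version it was computed on."""
    return text.replace("\r\n", "\n"), claimed


def gateway_convert(text: str, claimed: str, convert) -> tuple[str, str]:
    """A gateway that changes the content (the proprietary-format case in the
    message) must validate the incoming checksum, convert, then regenerate."""
    if not recipient_verify(text, claimed):
        raise ValueError("checksum mismatch on gateway input; not converting")
    converted = convert(text)
    return converted, checksum_canonical(converted)


def strip_toy_markup(text: str) -> str:
    """Constructed stand-in for a proprietary-to-plain-text converter: it
    removes {b}...{/b} emphasis markers that the recipient could not render."""
    return text.replace("{b}", "").replace("{/b}", "")


def demo() -> dict:
    # Constructed sample: the same message as stored on a Unix and a DOS host.
    unix_copy = "Dear all,\n{b}Minutes{/b} are attached.\n"
    dos_copy = "Dear all,\r\n{b}Minutes{/b} are attached.\r\n"

    sent = checksum_canonical(unix_copy)
    relayed_text, relayed_sum = mta_relay(dos_copy, sent)
    converted, regenerated = gateway_convert(relayed_text, relayed_sum, strip_toy_markup)
    return {
        "local_sums_differ": checksum_local(unix_copy) != checksum_local(dos_copy),
        "canonical_sums_match": checksum_canonical(unix_copy) == checksum_canonical(dos_copy),
        "mta_left_checksum_intact": relayed_sum == sent and recipient_verify(relayed_text, relayed_sum),
        "gateway_regenerated": recipient_verify(converted, regenerated) and regenerated != sent,
        "tamper_detected": not recipient_verify(converted + "extra", regenerated),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of `mta_relay` versus `gateway_convert` is the distinction Ned draws: an MTA's line-ending rewrite is invisible to the checksum because the checksum was never over the local bytes, whereas a gateway that genuinely changes the content has to verify what it received and issue a new checksum for what it emits, so the recipient's check in point 3 still means something.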

