Date: 2005-07-26 22:38
From: John Levine <asrg(_at_)johnlevine(_dot_)com>
Over on the lists where people are working on DKIM and similar
signature schemes, there's a lot of discussion of message
canonicalization for signature hashes. That is, the signature
involves a hash of the message, but before making the hash, the
message is cleaned up to make it more likely that the signature will
still verify after the message passes through a few intermediate mail
systems, while not letting a bad guy change the message into something
substantively different.
The root of the problem is various types of modifications made by
SMTP and other transport, and is a well-known problem (see the MIME
RFCs for discussion of a number of issues). Also see
draft-lilly-extensible-internet-message-format-p01-00.txt and its
companions for a discussion of some of the issues and one possible
approach (in an early stage of development).
Lots of people have strong opinions about various canonicalization
schemes, but we have precious little data on how messages actually
change when passing through MTAs. So I thought a little research
might be in order. My plan is to get a bunch of people with different
MTAs to set up forwarding addresses that forward back to addresses
here so that I can send them a message, it goes through their MTA and
returns, and I can now see how the message changed. My MTA is qmail
which carefully avoids doing anything to incoming messages other than
prefixing a Received: header, so it's not hard to isolate the effects
of the remote MTA.
The issue isn't so much MTAs as network and gateway issues. E.g. part
of a transport path might permit 8bit or binary transfer while another
part may handle only 7bit content, necessitating conversion by applying
transfer encoding (which isn't permitted if the existing MIME security
multiparts are used, but then if the proposed schemes use something
else, all bets are off). One or more cycles through X.400 gateways
will result in considerable change (even a single pass in one direction
will cause significant change, but your testing method will only work
for integral numbers of round-trip cycles). Likewise for gateways to
and from systems that use EBCDIC. And those that translate to proprietary
mail systems. Simply passing messages through plain vanilla MTAs in a
pure SMTP context won't reveal much about the problems that can be
encountered in the actual global mail system.
I've set up a new subgroup called bodysig. To subscribe to its list,
send "subscribe bodysig" to majordomo(_at_)asrg(_dot_)sp(_dot_)am(_dot_)
Poor choice of name? If you're only looking at the (2822) body and not
including the message header in the hash,
a) you're trying to reinvent the wheel; see S/MIME and PGP/MIME for
signed messages, and/or RFC 1864 (Content-MD5) field for a hash w/o
PKI requirements
b) you're doing nothing about phishing and related types of forgery of
message header fields, which seem to be the most prevalent forms of
spam at the moment.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg