Alessandro Vesely wrote:
On 25/Apr/10 08:04, ned+dkim(_at_)mauve(_dot_)mrochek(_dot_)com wrote:
field, DKIM is doing something "wrong". In any case, it was suggested on that list that
"relaxed" header canonicalization be adjusted to accommodate this.
I'd rather define new canonicalization algorithms than tamper with
existing ones.
Agreed.
[...] but the addresses in To:, From:, Cc;, and so forth certainly are
[...] But since new media types are defined all the time, and old ones are
revised, to say nothing of the types people just make up and never register. As
such, you cannot possibly code something that gets case normalization right in
general. So yes, it's hopeless.
An alternative would be to err on the other side: a "mellowed"
canonicalization, that respects only the fields and entities whose
meaning and encoding is well known and stable, so as to allow some
kind of forgeries rather than accidental breaking.
The main question here is: how often are DKIM signatures invalidated
during transit, what is the exact cause (case- or similar modifications
of header fields?) and how much do we gain by defining a new
canonicalization algorithm? Do we have any real-world figures about this
'accidental breaking'? How many DKIM signatures on average survive two
MTA hops? How many three hops? Etc.? Is there a relationship? And if
they get broken, is that due to changing case of header fields or due to
other changes? And if the number of broken signatures caused by transit
systems (apart from the mailing list issues, which bring their own
problems) is non-negligeable, is there anything that we can do to
improve things?
/rolf
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html