Hi, Murray,
On 10/25/10 6:21 AM, Murray S. Kucherawy wrote:
> OpenDKIM now has enough data to make some interesting observations
> about signatures and MIME.
>
> As far as MIME encodings go (only the "outermost" encoding was
> counted), there was a pretty common theme:
>
>   binary failed 4% of the time
>   quoted-printable failed 4% of the time
>   7bit failed 7.7% of the time
>   base64 failed 7.8% of the time
>   8bit failed 14% of the time
>   16bit (?!) never failed (though there was only one attempt)
>
> I expected 8bit to fail more for some reason.

Interesting figures. Especially the 16bit ;-)

> As far as MIME parts go (again, only the "outermost" MIME type was
> counted), most of them have about a 90-93% survival rate which is
> about in line with general signature survival rates.

This still leaves the question open whether there is any relation
between MIME labelling and -content transfer encoding, or none at all.

> The one that stands out is "multipart/signed" (from RFC1847) which
> drops to about a 65% survival rate.

I'm not sure whether 'survival' is the correct term in your report. I
assume you mean percentages of DKIM signatures that verify correctly as
seen by the verifier? The other 7-10% of signatures can also come from
Bad Actors who replay signatures with different content of the message.
It is possible they arrive unchanged at the verifier and then fail
verification, but that doesn't mean the (replayed) DKIM signature did
not 'survive'.

> I don't know much about how this is typically formatted or treated
> enroute, but it was easily the biggest outlier in the report. Not
> sure if that should be a surprise to us or not.

In general the fundamental question here is indeed about survival rate:
what is the real and 'exact' percentage of messages, signed by domain
example.com that still verifies correctly after n hops by the verifier
where n = 1,2,3,4...
/rolf
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html