
Re: [ietf-dkim] IETF-SMTP signed mail DKIM BODY HASH Failures

2011-05-14 15:51:44
SM wrote:
> Hi Hector,
> At 15:23 13-05-2011, Hector Santos wrote:
>> I am wondering if anyone else can confirm BODY HASH errors with the
>> originating author domain DKIM signature mail submitted to the
>> IETF-SMTP fora.
>
> Yes.  It may be an extra line between the message headers and the body.

Visually comparing the sent message versus the one echoed back by the 
list, that seems to be the case.  Checking into this, I see that I 
discovered this issue back in 2006 and wrote this I-D proposing a new 
C14N method called STRIP.

     http://tools.ietf.org/html/draft-santos-dkim-strip-00

Abstract

    The DKIM base protocol offers two digital signature
    canonicalization (c14n) methods called "relaxed" and "simple" with
    low reliability and survivability during in-transit operations.
    This proposal describes a new STRIP canonicalization algorithm and
    method to increase the reliability and survivability of the digital
    signature.  In addition, the proposal describes new original body
    hashing requirements to help address STRIP c14n security concerns
    found in a similar but deprecated NOFWS c14n method.

From the 1.0 introduction:

    ....

    This document introduces the new STRIP c14n which is similar to
    RELAXED but with the added logic to remove all CR and LF characters
    from the hashing engine.  The STRIP c14n is very similar to the NOFWS
    c14n method used by Yahoo's experimental DomainKeys protocol and was
    once considered for usage in the DKIM protocol.  However, since it
    was determined the NOFWS c14n exhibited some replay security threats,
    it is expected that STRIP c14n will also inherit the same security
    concerns.

The security concerns stated in the final sentence were addressed in 
this proposal.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
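The failure mode SM and Hector discuss above, reproduced as an added example that is not code from this thread, from the IETF-SMTP list software, or from draft-santos-dkim-strip-00. It implements the "simple" and "relaxed" body canonicalizations of RFC 4871 (now RFC 6376) and computes the bh= value over a constructed sample body. The canon_strip function is an assumption: it models STRIP only from the one-sentence description quoted above (relaxed-style whitespace handling, then every CR and LF removed before hashing), not from the draft's actual text. The point it shows is that an extra blank line between headers and body becomes a leading empty body line, which both standard canonicalizations hash, while a trailing blank line is ignored by both; the CR/LF-free variant survives either, at the price of hashing differently-wrapped bodies identically.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"


def _drop_trailing_empty_lines(body: bytes) -> bytes:
    """RFC 6376 3.4.3/3.4.4: ignore all empty lines at the end of the body;
    a non-empty body must then end in exactly one CRLF."""
    while body.endswith(CRLF):
        body = body[:-2]
    return body + CRLF if body else b""


def canon_simple(body: bytes) -> bytes:
    """'simple' body c14n: only trailing empty lines are removed;
    an empty body canonicalizes to a single CRLF."""
    return _drop_trailing_empty_lines(body) or CRLF


def _relaxed_lines(body: bytes) -> list:
    """Per-line whitespace rules of 'relaxed': collapse runs of WSP to one
    SP and drop trailing WSP.  Shared with the STRIP model below."""
    return [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ")
            for line in body.split(CRLF)]


def canon_relaxed(body: bytes) -> bytes:
    """'relaxed' body c14n: whitespace folding per line, then trailing empty
    lines removed; an empty body canonicalizes to the empty string."""
    return _drop_trailing_empty_lines(CRLF.join(_relaxed_lines(body)))


def canon_strip(body: bytes) -> bytes:
    """ASSUMED model of STRIP (draft-santos-dkim-strip-00), built only from
    the quoted description: relaxed-style whitespace handling, then all CR
    and LF removed from the bytes that are hashed.  Not the draft's text."""
    joined = b"".join(_relaxed_lines(body))
    return joined.replace(b"\r", b"").replace(b"\n", b"")


CANONS = {"simple": canon_simple, "relaxed": canon_relaxed, "strip": canon_strip}


def body_hash(body: bytes, canon: str = "simple") -> str:
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(CANONS[canon](body)).digest()
    return base64.b64encode(digest).decode("ascii")


def bh_matches(received_body: bytes, bh: str, canon: str) -> bool:
    """Verifier side: recompute over what arrived, compare with bh= from
    the DKIM-Signature header."""
    return body_hash(received_body, canon) == bh


# Constructed sample body; not the message from the thread.
SENT = b"Hello,\r\n\r\nThis is a test of the DKIM body hash.\r\n"
# What the list is suspected of doing: one extra line between the headers
# and the body, which the verifier sees as a leading empty body line.
ECHOED_EXTRA_LEADING = CRLF + SENT
# A trailing empty line, for contrast: simple and relaxed both ignore it.
ECHOED_EXTRA_TRAILING = SENT + CRLF


def survives(canon: str, mutated: bytes = ECHOED_EXTRA_LEADING) -> bool:
    """Does the signer's bh= computed over SENT still verify over `mutated`?"""
    return bh_matches(mutated, body_hash(SENT, canon), canon)


if __name__ == "__main__":
    for name in CANONS:
        lead = "ok" if survives(name) else "BODY HASH FAIL"
        trail = "ok" if survives(name, ECHOED_EXTRA_TRAILING) else "BODY HASH FAIL"
        print(f"{name:8s} leading blank line: {lead:15s} trailing blank line: {trail}")
```

Running it prints a body-hash failure for simple and relaxed on the leading blank line and "ok" for the trailing one, and "ok" for the STRIP model in both cases. The same CR/LF removal that buys that survivability also makes canon_strip hash "ab" and "a<CRLF>b" identically, which is the kind of line-boundary ambiguity behind the NOFWS concern the draft's introduction refers to.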