ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] New canonicalizations

2011-05-17 11:48:05
On 17/May/11 16:45, Ian Eiloart wrote:
However if some of the messages were never properly signed (whether
failed attempts to spoof, or administrative or technical failure),
then that 20% must be higher. It could even represent 100%
reduction in false negatives due to (otherwise benign) in-flight
modifications.

Actually, those figures don't even distinguish between failures due
signature comparison and earlier errors, such as body-hash mismatch or
invalid key.  To run the test properly we'd need to put two
DKIM-Signatures with different canonicalizations, on each message.

I don't know what is going to happen with EAI and YAM, but one day
we'll have utf-8 in the header as well as in the body.  As it would be
very clumsy to insist for 7-bit normalizations at that point, I think
there will be a new revision; presumably, the next one after 4871bis.
 If we'll have some test results of a new canonicalization at that
time, showing, say, 95%~98% "pass", the new canonicalization can be
included in such future DKIM revision.  That would be a significant
improvement, won't it?
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html