ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] New canonicalizations

2011-05-26 08:24:45
from [Hector Santos] [Permanent Link] 
Dave CROCKER wrote:


On 5/25/2011 9:59 AM, John Levine wrote:

The idea is to anticipate any unknown signature breaker.

I'm pretty sure that's specifically out of scope.

And I promise that whatever you do, short of wrapping the whole
message in opaque armor, I can come up with something that will
break it.


One might have a goal of attempting to be robust against all forms
of potential breakage.

That's not likely to be the goal of this sort of exercise.  Rather, it 
will be to choose a set of particular types of breakage, ignoring others.  
For an effort like that, it is not meaningful to come up with additional 
types of breakage, since there is no attempt to cover such additional 
examples.



Dave,

While one reasonably understand the statement for feasibility, I have 
trouble with the vexing conflict exhibited when picking your battles 
yet a particular skirmish (i.e. a particular mail stream) is not part 
of the general solution.

For example, IETF-SMTP, when 100% of signing domain participating in 
such a list constantly fails due to minute transparent changes, and it 
includes your own domains, one tends to be more interested in looking 
for a solution because it will water down the branding of your domains.

IOW, the idea of mixed results does not help DKIM when it all falls 
under the same category.  The list that does not change anything about 
the message except adds a footer is the principle reason that gives 
life to the "l=" tag and for domains to use it for a list known to add 
only a footer.

For targeted list addresses I am a member of, I have my signer setup to:

    - use "l="
    - do not sign the "Subject:" header

So we did our job here.  The only problem is the list that adds a 
<CRLF> to the top of the message.

Sure, we are presuming this is a BUG and most likely is, but it could 
be a simple matter that the list operator had an EMPTY TopHeader file 
but has 2 bytes only in it <CRLF>.  So we don't know what's actually 
going on. But rest assured, we (well, I did) did not pay attention to 
the extra TOP <CRLF>, only the extra BOTTOM <CRLF> potential.

I see that you are not signing your mail for IETF-SMTP.  I am and as 
well as others.  Why is that not generally important? It is actually 
one of the simpler C14N issues to deal with.  It may be minor, but it 
still an issue for a LIST that DKIM mail passes thru. I feel should be 
part of a DKIM C14N consideration and also an MLM awareness issue, not 
necessary for my sake but for DKIM sake.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades, Ian Eiloart
Next by Date:  Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades, John R. Levine
Previous by Thread:  Re: [ietf-dkim] New canonicalizations, Dave CROCKER
Next by Thread:  Re: [ietf-dkim] New canonicalizations, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]