Dave CROCKER wrote:
> On 5/25/2011 9:59 AM, John Levine wrote:
> The idea is to anticipate any unknown signature breaker.
>
> I'm pretty sure that's specifically out of scope.
>
> And I promise that whatever you do, short of wrapping the whole
> message in opaque armor, I can come up with something that will
> break it.
>
> One might have a goal of attempting to be robust against all forms
> of potential breakage.
>
> That's not likely to be the goal of this sort of exercise. Rather, it
> will be to choose a set of particular types of breakage, ignoring others.
>
> For an effort like that, it is not meaningful to come up with additional
> types of breakage, since there is no attempt to cover such additional
> examples.

Dave,

While one can reasonably understand the statement for feasibility, I have
trouble with the vexing conflict exhibited when picking your battles
yet a particular skirmish (i.e. a particular mail stream) is not part
of the general solution.

For example, IETF-SMTP, when 100% of signing domains participating in
such a list constantly fail due to minute transparent changes, and it
includes your own domains, one tends to be more interested in looking
for a solution because it will water down the branding of your domains.

IOW, the idea of mixed results does not help DKIM when it all falls
under the same category. The list that does not change anything about
the message except adds a footer is the principal reason that gives
life to the "l=" tag and for domains to use it for a list known to add
only a footer.

For targeted list addresses I am a member of, I have my signer set up to:

- use "l="
- do not sign the "Subject:" header

So we did our job here. The only problem is the list that adds a
<CRLF> to the top of the message.

Sure, we are presuming this is a BUG and most likely is, but it could
be a simple matter that the list operator had an EMPTY TopHeader file
but has 2 bytes only in it <CRLF>. So we don't know what's actually
going on. But rest assured, we (well, I did) did not pay attention to
the extra TOP <CRLF>, only the extra BOTTOM <CRLF> potential.

I see that you are not signing your mail for IETF-SMTP. I am, as
well as others. Why is that not generally important? It is actually
one of the simpler C14N issues to deal with. It may be minor, but it
is still an issue for a LIST that DKIM mail passes thru. I feel it should be
part of a DKIM C14N consideration and also an MLM awareness issue, not
necessarily for my sake but for DKIM's sake.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
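
The body-hash behaviour discussed in the message above, as an added example that is not part of the original thread: it implements RFC 6376 body canonicalization and the "l=" body length limit, then checks which list modifications leave the body hash intact. The function names and the sample message bodies are constructed for illustration, and only the body hash (the "bh=" value) is modelled, not the header signature.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, relaxed: bool = False) -> bytes:
    """DKIM body canonicalization, RFC 6376 sections 3.4.3 and 3.4.4."""
    if relaxed:
        # Collapse runs of WSP to one SP and drop WSP at line ends.
        body = b"\r\n".join(
            re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n"))
    # Both algorithms ignore empty lines at the END of the body only.
    body = re.sub(rb"(\r\n)+\Z", b"", body)
    if body or not relaxed:       # "simple" turns an empty body into one CRLF
        body += b"\r\n"
    return body

def body_hash(body: bytes, l=None, relaxed: bool = False) -> str:
    """SHA-256 body hash over the first l canonicalized octets (all if l is None)."""
    data = canon_body(body, relaxed)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def verifies(received: bytes, bh: str, l=None, relaxed: bool = False) -> bool:
    """True if the received body still matches the signer's bh= value."""
    return body_hash(received, l, relaxed) == bh

# Constructed sample message body and list modifications.
ORIGINAL = b"Hello list,\r\n\r\nSigned body text.\r\n"
FOOTER = b"_______________\r\nlist footer line\r\n"

def run_cases(relaxed: bool = False) -> dict:
    l = len(canon_body(ORIGINAL, relaxed))          # signer's l= value
    bh = body_hash(ORIGINAL, l, relaxed)            # signer's bh= value
    return {
        "footer, with l=":    verifies(ORIGINAL + FOOTER, bh, l, relaxed),
        "footer, without l=": verifies(ORIGINAL + FOOTER, bh, None, relaxed),
        "extra bottom CRLF":  verifies(ORIGINAL + b"\r\n", bh, None, relaxed),
        "extra top CRLF":     verifies(b"\r\n" + ORIGINAL, bh, l, relaxed),
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("relaxed" if mode else "simple", run_cases(mode))
```

Neither canonicalization removes empty lines at the start of the body, so the leading CRLF shifts every octet that "l=" covers and the hash fails in both modes.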