ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DKIM: Canonicalization

2005-07-17 09:20:51
from [Earl Hood] [Permanent Link] 

On July 17, 2005 at 00:27, domainkeys-feedbackbase02(_at_)yahoo(_dot_)com wrote:


    X     I = I + 1;

is a comment, where as:

X         I = I + 1;

is not.

So, if you have a canonicalization algorithm that ignores spaces, you could
reinject an email that has the X in the comment column with an email that has
the X in a non-comment column, thus completely changing the semantics of the
content, yet the signature still verifies.


A good example that the nowsp algorithm in the DKIM draft is not
acceptable.  Basically, when whitespace is significant, it should
not be eliminated.  That is why only trailing whitespace at the end
of lines should be done (along with removing LWSP at end of entities).

--ewh
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Content-Digest: MIMEFORM canonicalization, william(at)elan.net
Next by Date:  Re: Content-Digest: TEXT canonicalization, william(at)elan.net
Previous by Thread:  Re: DKIM: Canonicalization, domainkeys-feedbackbase02
Next by Thread:  Re: DKIM: Canonicalization, Tony Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]