ietf-mailsig

Re: Content-Digest: MIMEFORM canonicalization

2005-07-17 10:19:46

On July 17, 2005 at 09:13, "william(at)elan.net" wrote:

> The draft is written to be similar to Digest-MD5 in most core elements
> including as it applies to Content-Transfer-Encoding. In RFC1544 it says:

I understand what you wrote about CTE and raw data; that is not
what I am referring to.  However, CTE and when digest canonicalization
is done is a separate, albeit related, issue that I will raise in
a separate message.

I see no reason a verifier needs to worry about what the content-type
is in order to know which canonicalization method must be applied if
MIMEFORM is specified in Content-Digest.

I've searched through MIME and related RFCs and I could not find
definitions of what MIME canonical form implies for anything other
than text/* MIME entities. That is why MIMEFORM is specified to mean
one type of canonicalization for text and another canonicalization
for anything else.

The whole digest canonicalization process is to deal with
potential, non-malicious, mutations of message data during transit.

In MIME, CTE exists to deal with legacy systems (that are not 8-bit
aware or do whitespace modification).  Therefore, it appears
that you should avoid "re-implementing" such things when possible.
CTE is Content-Type neutral.  For example, I can base64 encode
text messages.  Now, it is recommended that certain media-types
should be CTEed, but CTE decoding does not need, and should not,
care about what the content-type is.

Since Content-Digest is MIME-aware with respect to MIME entities, the
CTE should play a role in signature verification since some CTEs
will protect against mutation.  This avoids unnecessary work.

We do know that if CTE is base64 or quoted-printable, the entity is
protected against mutation (QP is a little shaky and can be discussed
later).  Therefore, if the entity is base64 or QP encoded, regardless
of content-type, the BARE method can be employed (since verification
is on the raw data).

For 7bit and 8bit, TEXT is needed, regardless of content-type.
Such CTEs represent line record oriented data, and hence, may be
susceptible to transit mutations.

I'm not sure I'm explaining myself well enough, but I fail to
see why Content-Type needs to play a role at all with respect to MIMEFORM.

--ewh
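The rule ewh argues for above (pick the canonicalization from the Content-Transfer-Encoding alone: BARE for base64 and quoted-printable, TEXT for 7bit and 8bit, Content-Type never consulted) as an added, runnable illustration. This is not code from the draft or from anyone in the thread, and the draft's exact definitions are not on this page, so two things are assumed: BARE digests the CTE-decoded octets exactly as they are, and TEXT treats the body as line records and normalizes every line ending to CRLF (the MIME canonical form for text) before digesting. SHA-256 is used only because some hash is needed; the sample bodies are constructed.

```python
"""Select and apply a Content-Digest canonicalization from the part's
Content-Transfer-Encoding alone, ignoring Content-Type.

Added example; not the draft's or the thread's code. Assumed rules:
  BARE  - digest the CTE-decoded octets exactly as they are
  TEXT  - treat the body as line records and normalize every line
          ending to CRLF (the MIME canonical form for text) first
"""
import base64
import hashlib
import quopri
import re

_LINE_END = re.compile(rb"\r\n|\r|\n")


def select_method(cte):
    """Map a Content-Transfer-Encoding value to a MIMEFORM canonicalization.
    Content-Type is deliberately not an input (the policy argued above)."""
    cte = (cte or "7bit").strip().lower()    # RFC 2045: absent CTE means 7bit
    if cte in ("base64", "quoted-printable"):
        return "BARE"
    if cte in ("7bit", "8bit"):
        return "TEXT"
    # "binary" and unknown tokens are not covered by the thread; refuse them.
    raise ValueError("no canonicalization defined here for CTE %r" % cte)


def canonicalize(body, cte):
    """Return the octets over which the digest is computed."""
    method = select_method(cte)
    enc = cte.strip().lower() if cte else "7bit"
    if method == "BARE":
        if enc == "base64":
            # The base64 decoder discards line breaks, so a relay that
            # rewrites LF<->CRLF in the encoded body leaves the decoded
            # octets (and hence the digest) unchanged.
            return base64.b64decode(body)
        # QP decoding undoes soft line breaks but passes hard line breaks
        # through as they arrived: this is the "shaky" case left for later.
        return quopri.decodestring(body)
    # TEXT: 7bit/8bit bodies travel as line records, so a relay may
    # change their line terminators; normalize before digesting.
    return b"\r\n".join(_LINE_END.split(body))


def content_digest(body, cte):
    """Return (method, hex digest) over the canonical octets. SHA-256 is an
    assumption of this example, not something the thread specifies."""
    method = select_method(cte)
    return method, hashlib.sha256(canonicalize(body, cte)).hexdigest()


def verify(body, cte, method, expected_hex):
    """Recompute from the received body and compare method and digest."""
    got_method, got = content_digest(body, cte)
    return got_method == method and got == expected_hex


if __name__ == "__main__":
    # Constructed sample: a 7bit text part as sent, and as received after
    # a relay turned CRLF into bare LF. TEXT absorbs the mutation.
    sent = b"Dear all,\r\n\r\nThe meeting is at 10.\r\n"
    received = sent.replace(b"\r\n", b"\n")
    method, digest = content_digest(sent, "7bit")
    print(method, verify(received, "7bit", method, digest))

    # Same text, base64-encoded: Content-Type is irrelevant, and the line
    # ending rewrite on the encoded body is absorbed by the decoder (BARE).
    sent_b64 = base64.encodebytes(sent)              # LF-terminated lines
    received_b64 = sent_b64.replace(b"\n", b"\r\n")
    method, digest = content_digest(sent_b64, "base64")
    print(method, verify(received_b64, "base64", method, digest))

    # A real change to the decoded payload is still detected.
    tampered_b64 = base64.encodebytes(sent + b"PS: bring the slides.\r\n")
    print(verify(tampered_b64, "base64", method, digest))
```

Running the script prints `TEXT True`, `BARE True` and `False`: the 7bit part survives an LF/CRLF rewrite only because TEXT normalizes it, the base64 part survives the same rewrite with no normalization at all because the decoder discards line breaks, and an actual payload change still fails. Nothing in the decision path looks at Content-Type, which is the point of the message above.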

