Dave Crocker wrote:
I feel that DKIM should be as forgiving as possible without changing the semantics. If RFC2822 says that header field names are always case insensitive and that the header fields MAY be folded, shouldn't we canonicalize that out?RFC-2822 explictly states that header fields names are to be treatedcase insensitive and the header fields are to be unfolded before any further processing is done on the field.This raises a question I find interesting: Is the type of DKIM processing the same as is meant by the reference you cite?RFC822/RFC2822 have a focus on process the structure and content of a message. Hence they focus on its semantics.
As for the removal of internal white space in the nowsp canonicalization, if whitespace is something that can't be exploited by an attacker, why not remove it? The only exploit I'm aware of is the somewhat ridiculous "ASCII art" attack where an existing message is respaced to spell out something else in big letters.
The best argument for 'simple' IMO is not that it is aspirational, but that it is a backup plan in case there really is an exploit against nowsp that we're not thinking of. I also think it may also be useful to provide some ability to allow signers to trade off security against survivability.
-Jim
Previous by Date: | Re: DKIM: Canonicalization, Miles Libbey |
---|---|
Next by Date: | Re: MASS Proposals Comparison Matrix, Arvel Hathcock |
Previous by Thread: | Re: DKIM: c=simple is aspirational, Dave Crocker |
Next by Thread: | Re: DKIM: c=simple is aspirational, Earl Hood |
Indexes: | [Date] [Thread] [Top] [All Lists] |