On Jul 18, 2005, at 11:36 AM, Jim Fenton wrote:
Dave Crocker wrote:
Making sure we are all very clear about the nature and purpose of
canonicalization, as used by DKIM, is not a small point. Should
there be changes in the language of the draft to try to work
harder, at ensuring the reader understands this point?
Members of the list differ on what canonicalization is trying to
accomplish. We need to get consensus on that before we make much
progress on what the algorithm(s) themselves are. Here are some
possibilities:
1. Minimal changes to the message.
2. Only allow modifications explicitly permitted by RFC2822.
3. Do not alter the semantics of the message.
4. Do not provide a reasonable opportunity for abuse.
An algorithm in each category is sufficient for each succeeding
category (earlier categories are more conservative and later ones
are more liberal).
As written, 'simple' is in category 1 and 'nowsp' is in category
4. If we really want to preserve semantics, we need something
other than nowsp, but the goal (well, mine at least) was to prevent
abuse, not necessarily to maintain semantics. Is that the right goal?
I don't think that 'nowsp' offers as much immunity from abuse as you
may expect.
Here is an example where the last lines are changed:
,---
| As written, 'simple' is in category 1 and 'nowsp' is in
| category 4. If we really want to preserve semantics, we need <200
tabs> something other than
| nowsp, but the goal (well, mine at least) was to prevent abuse,
<200 tabs> not necessarily
| to maintain semantics. Is that the right goal?
'---
Your message will still appear to be signed, but unless the portion
of the text to the right of the 200 tabs is visible, the meaning of
this last email has changed. While indeed ASCII art may be one
problem, and perhaps used as a ploy to dodge responsibility for
messages found in such artwork, there is also a problem of text being
pushed beyond view with clever placement of newlines and whitespace,
or where spread sheets are altered by regrouping numbers, etc.
It seems DKIM could do better, as 'nowsp' will likely invite abuse
and fuel an artwork replay problem, or a ploy to make the sender
appear to be a victim of such abuse. This makes dealing with replay
issues a more difficult problem, as with such freedom, it would be
difficult to tell who did what. At some point, once 'nowsp' abuse
becomes prevalent, this mode would need to be abandoned. More should
be available than just the 'simple' mode. I hope this wg can define
something between these two modes.
-Doug