ietf-mailsig

Re: Goldilocks Canonicalization

2005-07-19 18:03:20

I don't think this is going too far over the edge.  Is this being suggested 
as a third canon method or as a replacement for the existing "nowsp" method?

--
Arvel Hathcock
CEO, Alt-N Technologies, Ltd.
Helping the World Communicate!
http://www.altn.com



-----Original Message-----
From: Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
To: Michael Thomas <mike(_at_)mtcc(_dot_)com>
Cc: Jim Fenton <fenton(_at_)cisco(_dot_)com>, Dave Crocker <dcrocker(_at_)bbiw(_dot_)net>,
    arvel(_at_)altn(_dot_)com, ietf-mailsig(_at_)imc(_dot_)org
Date: Mon, 18 Jul 2005 18:24:51 -0700
Subject: Re: Goldilocks Canonicalization



On Jul 18, 2005, at 5:13 PM, Michael Thomas wrote:

> Douglas Otis wrote:
>
>> It seems DKIM could do better, as 'nowsp' will likely invite abuse
>
> ... senders always have the recourse to modify the body to
> qp or b64 or use the simple canonicalization instead. Other
> suggestions have from what I've seen been wanting to slide right
> down the complexity slippery slope for which I have a great deal
> of problem -- we already have ability *before* you send the message
> to DKIM to be signed.


What do you think of Earl Hood's suggestion?  Is that going too far  
over the edge?

,---
| For the headers,
|   1. Strip all WSP characters at the end of each line of a header field,
|      before any unfolding is done.
|   2. Unfold any fields that are folded.
|   3. Convert field names to lowercase.
|
| For the body,
|   1. LWSP at the beginning of the body is removed.
|   2. All trailing WSP at the end of lines are removed.
|   3. Any lone CR or LF is converted to CRLF.
|   4. LWSP at the end of the body is removed.
|  (5. Lines in excess of 2048 octets, should be wrapped prior to signing,
|      per Sendmail conventions.)
'---

I admit to being concerned by a potential for a replay problem, in  
addition to a failure rate due to canonicalization limitations.   
Perhaps Goldilocks is a reference to there being three choices?   
Perhaps a mode between 'simple' and 'nowsp' _is_ just right.  : )

It seems most messages are not base64, so this will entail an  
additional base64 encoding prior to signing, which seems to go  
against your motto of doing no harm.  I don't think quoted-printable 
conversion offers much in the way of protection from modifications  
that 'nowsp' allows.  The goal of qp was to overcome character  
conversions and 7 bit limitations, but still allows normal ASCII text
which includes these characters that MAY be escaped.

-Doug
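
The canonicalization quoted in the box above, as an added Python example (not code from the thread or from any DKIM implementation), compared against a body that picked up whitespace damage in transit and one whose interior spacing was changed. Assumptions: LWSP is treated as any run of SP, HTAB, CR and LF; a line ends at CRLF or a lone CR or LF; the optional step 5 is left out; `nowsp_body` approximates 'nowsp' as deleting all body whitespace; the sample messages are constructed.

```python
import re

WSP = " \t"
LWSP = " \t\r\n"                 # assumption: LWSP = any run of SP, HTAB, CR, LF
EOL = re.compile(r"\r\n|\r|\n")  # assumption: CRLF, lone CR or lone LF ends a line

def canon_headers(raw: str) -> str:
    # Header step 1: strip trailing WSP from every physical line, before unfolding.
    lines = [ln.rstrip(WSP) for ln in EOL.split(raw) if ln.strip(WSP)]
    fields = []
    for ln in lines:
        if ln[0] in WSP and fields:
            fields[-1] += ln      # step 2: unfold (drop the line break, keep the WSP)
        else:
            fields.append(ln)
    out = []
    for field in fields:
        name, colon, value = field.partition(":")
        out.append(name.lower() + colon + value + "\r\n")  # step 3
    return "".join(out)

def canon_body(raw: str) -> str:
    # Body steps 2 and 3: strip trailing WSP per line, rejoin with CRLF.
    lines = [ln.rstrip(WSP) for ln in EOL.split(raw)]
    # Body steps 1 and 4: drop LWSP at both ends (same result as doing step 1 first).
    return "\r\n".join(lines).strip(LWSP)

def nowsp_body(raw: str) -> str:
    # Approximation of 'nowsp' for contrast (assumption): delete all whitespace.
    return re.sub(r"[ \t\r\n]", "", raw)

# Constructed sample bodies.
SIGNED = "Meet now here.\r\nThanks\r\n"
RELAYED = "\r\nMeet now here. \t\nThanks  \r\n\r\n"  # transit-style whitespace damage
ALTERED = "Meet nowhere.\r\nThanks\r\n"             # interior space removed

def same(canon, a: str, b: str) -> bool:
    """True if a signature over canon(a) would still verify against b."""
    return canon(a) == canon(b)

if __name__ == "__main__":
    print(repr(canon_headers("Subject: Goldilocks \r\n\tCanonicalization  \r\nFROM: a@example.org\r\n")))
    print("relayed verifies (proposed):", same(canon_body, SIGNED, RELAYED))
    print("altered verifies (proposed):", same(canon_body, SIGNED, ALTERED))
    print("altered verifies (nowsp):   ", same(nowsp_body, SIGNED, ALTERED))
```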
