ietf-mailsig

Re: nowsp considered harmful

2005-07-20 10:34:24


On Jul 20, 2005, at 8:37 AM, Michael Thomas wrote:
Thomas Roessler wrote:

Or one could insert an empty line in front of a content-type header,
turning an HTML body part into a text/plain one.  (Do that on a
large scale with a legitimate, DKIM-signed HTML message from some
large financial institution, and see how their helpdesk reacts to
it.)


Huh? This would break the signature. In any case, banks are
poster children for users who should use simple.

While I agree this technique would break the signature, I would not agree that banks are best suited for the 'simple' mode. Banks want to ensure delivery of their messages, perhaps more than other organizations. The reason to improve upon 'simple' is to make it more robust. This would be the same reason that banks would find 'simple' wanting.

I wouldn't be surprised if there were more interactions between MIME
and nowsp.
Basically, there is a lot of structure in MIME messages that
actually depends on where whitespace and line breaks are in the
message body. nowsp canonicalizes that structure away, and opens the
door for manipulations.

Likewise, there are a lot of things that innocently mangle messages
in transit. This is a tradeoff. Things that really, really want
assurance that their message is not tampered with should use
simple.

I still like Earl Hood's suggestion, as this offers much better message protection to guard against replay abuse. It is not just tampering that could become a problem, but also proliferation of 'artwork' messages. Such messages would be difficult to filter, would enjoy the reputation of the signer, and could be used to convey a message aimed at generating revenue. This would be a nasty problem. Earl's approach will deal with typical (and acceptable) behaviors of MTAs and also prevent this abuse. To meet your concern of long lines being wrapped by a server (an acceptable behavior) there could be a suggestion that this acceptable operation be done prior to signing. The code to implement this algorithm is slightly more complex than 'nowsp', but it does not involve being aware of what form is used to convey the message. Even with 'nowsp', any change to the form used to convey the message will still break the signature.

,---
| For the headers,
|   1. Strip all WSP characters at the end of each line of a
|      header field, before any unfolding is done.
|   2. Unfold any fields that are folded.
|   3. Convert field names to lowercase.
|
| For the body,
|   1. LWSP at the beginning of the body is removed.
|   2. All trailing WSP at the end of lines is removed.
|   3. Any lone CR or LF is converted to CRLF.
|   4. LWSP at the end of the body is removed.
'---

-Doug
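As an added illustration (not code from this thread or from any DKIM implementation), here is Earl Hood's quoted canonicalization next to a simplified nowsp, run over a constructed message: the benign mangling Michael mentions (trailing blanks, LF-only line endings) survives both, while the empty line Thomas describes inserting before a Content-Type header only survives nowsp. Assumptions: LWSP is taken as any run of SP, TAB, CR and LF; nowsp is modelled as dropping all of those characters.

```python
import re
# Constructed sample (not from the thread): a multipart message whose inner
# part is HTML, with CRLF line endings as sent on the wire.
ORIGINAL = (
    "Subject: Your statement\r\n"
    " is ready\r\n"
    "Content-Type: multipart/alternative; boundary=b\r\n"
    "\r\n"
    "--b\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<p>Hello</p>\r\n"
    "--b--\r\n"
)
# Benign transit mangling: trailing blanks added, body lines rewritten with LF only.
MANGLED = (ORIGINAL.replace("statement\r\n", "statement \t\r\n")
           .replace("</p>\r\n", "</p>  \n").replace("--b--\r\n", "--b--\t\n"))
# The manipulation Thomas describes: an empty line in front of the inner
# Content-Type header, which turns the HTML part into a text/plain one.
TAMPERED = ORIGINAL.replace("--b\r\nContent-Type", "--b\r\n\r\nContent-Type")

def _split(msg):
    parts = re.split(r"\r?\n\r?\n", msg, maxsplit=1)   # split at first empty line
    return parts[0], (parts[1] if len(parts) > 1 else "")

def hood_canon(msg):
    """Earl Hood's header steps 1-3 and body steps 1-4, as quoted above."""
    head, body = _split(msg)
    lines = [re.sub(r"[ \t]+$", "", l) for l in re.split(r"\r?\n", head)]  # H1
    fields = []
    for l in lines:
        if l[:1] in (" ", "\t") and fields:
            fields[-1] += l                              # H2: unfold, WSP kept
        elif l:
            name, sep, value = l.partition(":")
            fields.append(name.lower() + sep + value)   # H3: lowercase field name
    body = re.sub(r"^[ \t\r\n]+", "", body)              # B1: leading LWSP
    body = re.sub(r"[ \t]+(?=\r|\n|$)", "", body)        # B2: trailing WSP per line
    body = re.sub(r"\r\n|\r|\n", "\r\n", body)           # B3: lone CR/LF -> CRLF
    body = re.sub(r"[ \t\r\n]+$", "", body)              # B4: trailing LWSP
    return "\r\n".join(fields) + "\r\n\r\n" + body

def nowsp_canon(msg):
    """Simplified nowsp (assumption): drop every SP, TAB, CR and LF, so the
    line structure that MIME depends on disappears entirely."""
    return re.sub(r"[ \t\r\n]", "", msg)

def signature_survives(canon, signed, received):
    """True when a hash over canon(signed) still matches canon(received)."""
    return canon(signed) == canon(received)
```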


