Fwd: Re: [ietf-dkim] Introducing myself

Charles Lindsey chl at clerew.man.ac.uk
Wed Dec 6 05:13:08 PST 2006 

On Mon, 06 Nov 2006 10:47:45 -0000, Charles Lindsey <chl at clerew.man.ac.uk>  
wrote:

> On Sat, 04 Nov 2006 02:03:38 -0000, John Levine <johnl at iecc.com> wrote:

That was quite some time ago, so to refresh your memories, I had been  
claiming that DKIM-base would fail to verify if some message had its  
Content-Transfer-Encoding changed en route, and that it proposed to get  
around this by saying that all messages SHOULD be sent as 7bit, or encoded  
into 7bit. In these days when 8BITMIME is now almost universally supported  
and widely used (with BINARYMIME coming along as well), that seemed to be  
a very backward step. So I proposed a canonicalization that would reverse  
all those encodings before hashing.

>> You can sign whatever you want, but if the message is 7bit, your
>> signature is more likely to survive transit to the verifier.

But of course I don't want them to be "likely to survive". I want a system  
that is robust enough that they "always survive".
>
>> DKIM doesn't understand MIME.  If DKIM signers and verifiers had to
>> unpack MIME parts they would be orders of magnitude more complicated.
>> In practice, I think that nearly everyone uses the simple body canon
>> anyway.
>
> Not at all. Going through the MIME structure of a message body and  
> undoing
> all Q-P or Bas64 encodings is fairly straightforward, and if you hash and
> sign the result of doing that, then it is guaranteed to pass straight
> through all those systems which (quite legitimately under RFC 1652)
> re-encode stuff en route, without breaking the signature. I shall try to
> write a demonstration implementation in the next day or so, and it
> certainly won't be "orders of magnitude more complicated".

So it was an issue of whether such a canonicalization really would be  
"orders of magnitude more complicated". Anyway, I have been working off  
and on on this since then, and I have written a demonstration  
implementation, as promised, of what it would take, which you can find at  
<http://www.cs.man.ac.uk/~chl/uncode/uncode.html>.

It is less that 140 lines of Perl (excluding comments and empty lines).  
Hardly any "orders of magnitude" in evidence there.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

More information about the ietf-dkim mailing list