[ietf-dkim] Postfix: change of Content-Transfer-Encoding breaks DKIM signature / RFC recommendation

John Levine johnl at iecc.com
Wed Mar 25 16:11:43 PDT 2009


>> Unfortunately, this does not solve the problem.  The 8bit-MIME to
>> 7bit conversion as required(*) in RFC 1652 replaces the entire
>> message body, and therefore it invalidates DKIM signatures even
>> when the Content-Transfer-Encoding header is not signed.
>>
>Well, I thought the canonicalization would reduce the encoding problems
>but I didn't check this.

This might be a good time to reread 4871.  It's not all that long.

>I expect if a redesign of DKIM would take place an improved
>canonicalization method could solve this problem?

We discussed this and basically decided that no, we're not going to
try to understand MIME.  There's all sorts of stuff a helpful MTA
might do to a message, e.g., reorder the MIME parts, and any canonical
representation that tried to deal with them would be impossibly
complex.

If you want to maximize the chances that your signed message arrives
intact, downcode it to something in seven bits before you sign it.

R's,
John
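
The effect discussed in this thread, as an added example that is not part of the original message: the RFC 4871 body hash (bh=) is computed for an 8bit body and for the same body after a relay downcodes it to quoted-printable, under both simple and relaxed canonicalization. The function names, the sample body and the relay model are assumptions made for illustration, and only the body is modelled, not the header rewrite.

```python
import base64, hashlib, quopri, re

def canon_simple(body: bytes) -> bytes:
    """RFC 4871 3.4.3: ignore trailing empty lines, end with exactly one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 4871 3.4.4: also collapse WSP runs and strip WSP at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon) -> str:
    """The bh= value a signer or verifier computes (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def downcode_to_qp(body: bytes) -> bytes:
    """Re-encode the body line by line as quoted-printable (7-bit clean)."""
    return b"\r\n".join(quopri.encodestring(ln) for ln in body.split(b"\r\n"))

def relay_to_7bit_peer(body: bytes) -> bytes:
    """Simplified model (assumption): the relay rewrites the body only when
    it holds 8-bit octets and the next hop did not offer 8BITMIME."""
    return body if all(b < 0x80 for b in body) else downcode_to_qp(body)

# Constructed sample: UTF-8 text sent with Content-Transfer-Encoding: 8bit.
BODY_8BIT = "Gr\u00fc\u00dfe aus K\u00f6ln,  see you soon\r\nJohn\r\n\r\n".encode()

def survives(signed_body: bytes, canon) -> bool:
    """True if the bh= computed at signing still matches after the relay."""
    return body_hash(signed_body, canon) == body_hash(relay_to_7bit_peer(signed_body), canon)

def demo() -> dict:
    downcoded = downcode_to_qp(BODY_8BIT)  # what the sender signs if it downcodes first
    return {
        "8bit/simple": survives(BODY_8BIT, canon_simple),
        "8bit/relaxed": survives(BODY_8BIT, canon_relaxed),
        "7bit/simple": survives(downcoded, canon_simple),
        "7bit/relaxed": survives(downcoded, canon_relaxed),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:13} body hash {'unchanged' if ok else 'BROKEN'}")
```

Relaxed canonicalization only normalizes whitespace, so it does not absorb the re-encoding; the body signed after downcoding passes through the modelled relay byte for byte.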

