[ietf-dkim] Postfix: change of Content-Transfer-Encoding breaks DKIM signature / RFC recommendation
chl at clerew.man.ac.uk
Thu Mar 26 04:10:35 PDT 2009
On Wed, 25 Mar 2009 21:55:48 -0000, Florian Sager <sager at agitos.de> wrote:
>>> According to the mails below the RFC compliant change of content
>>> encoding in MTA-forwarding may break signatures that follow the RFC
>>> recommendation to include header "Content-Transfer-Encoding" in the
>>> signature. This header should be removed from section 5.5. Recommended
>>> Signature Content (The following header fields SHOULD be included in
>>> signature ...).
>> Unfortunately, this does not solve the problem. The 8bit-MIME to
>> 7bit conversion as required(*) in RFC 1652 replaces the entire
>> message body, and therefore it invalidates DKIM signatures even
>> when the Content-Transfer-Encoding header is not signed.
> Well, I thought the canonicalization would reduce the encoding problems
> but I didn't check this.
> I expect if a redesign of DKIM would take place an improved
> canonicalization method could solve this problem?
Indeed, I pointed this out when I first joined this list, but it was too
late for inclusion in our draft at that time (though the Chair did suggest
I should write up a draft for an enhancement, and it could indeed be done
if/when we do a full -bis).
There are details of my canonicalization at
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
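Added example, not part of the original message or of any DKIM implementation: a Python sketch of the point made in the quoted reply, computing the DKIM body hash (`bh=`) of a constructed 8bit body and of the same body after conversion to quoted-printable. The Content-Transfer-Encoding header is never an input to the body hash, so the mismatch occurs whether or not that header is signed; the sample body and helper names are assumptions made for illustration.

```python
import base64
import hashlib
import quopri
import re


def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    return re.sub(rb"(\r\n)*\Z", b"", body) + b"\r\n"


def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization: collapse WSP runs, strip trailing WSP
    on each line, then drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode("ascii")


def to_quoted_printable(body_8bit: bytes) -> bytes:
    """Stand-in for the 8bit-to-7bit conversion an MTA performs on relay."""
    lf = body_8bit.replace(b"\r\n", b"\n")
    return quopri.encodestring(lf).replace(b"\n", b"\r\n")


# Constructed sample body containing 8-bit (UTF-8) characters.
BODY_8BIT = "Grüße aus Köln\r\nSecond line\r\n".encode("utf-8")
BODY_QP = to_quoted_printable(BODY_8BIT)


def compare() -> dict:
    """Return {canonicalization: (hash as signed, hash after conversion)}."""
    canons = (("simple", simple_body), ("relaxed", relaxed_body))
    return {n: (body_hash(BODY_8BIT, c), body_hash(BODY_QP, c)) for n, c in canons}


if __name__ == "__main__":
    for name, (signed, relayed) in compare().items():
        print(f"{name:8} signed={signed} relayed={relayed} match={signed == relayed}")
```

Both canonicalizations only normalize whitespace and trailing empty lines, so neither maps the re-encoded body back to the bytes that were signed.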