[ietf-dkim] IDNs, was Proposed new charter
Dave CROCKER
dhc at dcrocker.net
Wed Mar 3 06:48:04 PST 2010
On 3/3/2010 10:32 PM, Eliot Lear wrote:
> Certainly. In a nutshell, the problem is at the implementation end
> between the MUA and the signer. The common signers out there will only
> do so for certain domains, and they will generally only do so, based on
> the From: line. Here is where the confusion sets in. If an MUA sees an
> address, such as the following:

Confusion, indeed. In what way is the From: line relevant to DKIM, other than
being part of the header field hash?

I believe we are not in any way implying any changes to the hashing algorithm,
since DKIM does not do field-specific processing. (For example, it cannot know
all of the possible address header fields.)

> From: Eliot Lear =?iso-8859-1?Q?<lear at klapsm=FChle.ch>?=
>
> When the signer sees this, it could upgrade to get klapsmühle.ch, and
> then check the punycode version of that. Things get more confused in
> EAI, because there is 8-bit MIME floating around. If you sign 8-bit MIME
> and a downgrade occurs, the game is over, and the signature is invalidated.

Ahh, well, the DKIM specification does not provide text that guides selection of
the d= value.

So, yes, the signer might have differential signing practices based on the From:
field, but that's outside the scope of the specification.

What am I missing?

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
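
The step discussed in the quoted text above (decode the From: line, upgrade to the Unicode domain, then check its punycode form against the domains the signer handles), sketched as an added Python example that is not part of either author's message or of any DKIM implementation. The signing-domain table, the function names and the "@" restored in the sample address are assumptions; choosing d= this way is signer policy, not something the DKIM specification defines.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample: the From: line quoted in the message, with the archive's
# " at " assumed to stand for "@".
SAMPLE_FROM = "Eliot Lear =?iso-8859-1?Q?<lear@klapsm=FChle.ch>?="

# Hypothetical signer configuration: domains (A-label form) this signer has keys for.
SIGNING_DOMAINS = {"xn--klapsmhle-v9a.ch", "example.com"}


def from_domain_a_label(from_value):
    """Return the From: domain as a lowercase A-label, or None if unusable."""
    # Undo RFC 2047 encoded-words first, so the domain appears as Unicode.
    decoded = str(make_header(decode_header(from_value)))
    _, addr = parseaddr(decoded)
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return None
    try:
        # Python's built-in "idna" codec (IDNA 2003) maps each label to ASCII.
        return domain.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None  # not a valid IDN: do not guess a signing domain


def select_d(from_value, signing_domains=SIGNING_DOMAINS):
    """Pick the d= value for this message, or None to leave it unsigned."""
    a_label = from_domain_a_label(from_value)
    return a_label if a_label in signing_domains else None


if __name__ == "__main__":
    print(select_d(SAMPLE_FROM))
```

The lookup only decides which key and d= to use; the header hash is still computed over the From: field as it appears in the message, so this step does not touch the hashing algorithm.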