[ietf-dkim] DKIM vs. MIME

[Rolf E. Sonneveld]

Alessandro Vesely wrote:
> On 25/Apr/10 08:04, ned+dkim at mauve.mrochek.com wrote:
>   
>>>> field, DKIM is doing something "wrong".  In any case, it was suggested on that list that "relaxed" header canonicalization be adjusted to accommodate this.
>>>>         
>
> I'd rather define new canonicalization algorithms than tamper with 
> existing ones.
>   

Agreed.

>>> [...] but the addresses in To:, From:, Cc;, and so forth certainly are
>>>       
>
>   
>> [...] But since new media types are defined all the time, and old ones are revised, to say nothing of the types people just make up and never register. As such, you cannot possibly code something that gets case normalization right in general. So yes, it's hopeless.
>>     
>
> An alternative would be to err on the other side: a "mellowed" 
> canonicalization, that respects only the fields and entities whose 
> meaning and encoding is well known and stable, so as to allow some 
> kind of forgeries rather than accidental breaking.
>   

The main question here is: how often are DKIM signatures invalidated 
during transit, what is the exact cause (case- or similar modifications 
of header fields?) and how much do we gain by defining a new 
canonicalization algorithm? Do we have any real-world figures about this 
'accidental breaking'? How many DKIM signatures on average survive two 
MTA hops? How many three hops? Etc.? Is there a relationship? And if 
they get broken, is that due to changing case of header fields or due to 
other changes? And if the number of broken signatures caused by transit 
systems (apart from the mailing list issues, which bring their own 
problems) is non-negligeable, is there anything that we can do to 
improve things?

/rolf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20100427/f2635e3a/attachment.html