[ietf-dkim] DKIM vs. MIME
Rolf E. Sonneveld
R.E.Sonneveld at sonnection.nl
Mon Apr 26 15:03:27 PDT 2010
Alessandro Vesely wrote:
> On 25/Apr/10 08:04, ned+dkim at mauve.mrochek.com wrote:
>>>> field, DKIM is doing something "wrong". In any case, it was suggested on that list that "relaxed" header canonicalization be adjusted to accommodate this.
> I'd rather define new canonicalization algorithms than tamper with
> existing ones.
>>> [...] but the addresses in To:, From:, Cc;, and so forth certainly are
>> [...] But since new media types are defined all the time, and old ones are revised, to say nothing of the types people just make up and never register. As such, you cannot possibly code something that gets case normalization right in general. So yes, it's hopeless.
> An alternative would be to err on the other side: a "mellowed"
> canonicalization, that respects only the fields and entities whose
> meaning and encoding is well known and stable, so as to allow some
> kind of forgeries rather than accidental breaking.
The main question here is: how often are DKIM signatures invalidated
during transit, what is the exact cause (case- or similar modifications
of header fields?) and how much do we gain by defining a new
canonicalization algorithm? Do we have any real-world figures about this
'accidental breaking'? How many DKIM signatures on average survive two
MTA hops? How many three hops? Etc.? Is there a relationship? And if
they get broken, is that due to changing case of header fields or due to
other changes? And if the number of broken signatures caused by transit
systems (apart from the mailing list issues, which bring their own
problems) is non-negligeable, is there anything that we can do to
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ietf-dkim