[ietf-dkim] MLM and C14N
hsantos at isdg.net
Sat May 14 15:20:31 PDT 2011
Shouldn't the MLM I-D say something regarding C14N and CR/LF related
For example, it can say something in:
- Section 3.2 for the Aliasing MLM type
- Section 3.3 for the Minor Body Changes possibility.
Maybe something in one of the handling sections:
Verifications of list messages resulting with an invalid body
check to see if there is an extra line between the message
headers and the body and retry the body hash verification with the line stripped.
I hate kludges but the insight for interested DKIM verifiers may help
increase valid signatures coming from Aliasing list streams with
slight CR/LF mutations.
Hector Santos wrote:
> SM wrote:
>> Hi Hector,
>> At 15:23 13-05-2011, Hector Santos wrote:
>>> I am wondering if anyone else can confirm BODY HASH errors with the
>>> originating author domain DKIM signature mail submitted to the
>>> IETF-SMTP fora.
>> Yes. It may be an extra line between the message headers and the body.
> Visually comparing the sent message versus the one echoed back by the
> list, that seems to be the case. Checking into this, I see that I
> discovered this issue back in 2006 and wrote this I-D proposing a new
> C14N method called STRIP.
> The DKIM base protocol offers two digital signature
> canonicalization (c14n) methods called "relaxed" and "simple" with
> low reliability and survivability during in-transit operations.
> This proposal describes a new STRIP canonicalization algorithm and
> method to increase the reliability and survivability of the digital
> signature. In addition, the proposal describes new original body
> hashing requirements to help secure STRIP c14n security concerns
> found in a similar but deprecated NOFWS c14n method.
> From the 1.0 introduction:
> This document introduces the new STRIP c14n which is similar to
> RELAXED but with the added logic to remove all CR and LF characters
> from the hashing engine. The STRIP c14n is very similar to the NOFWS
> c14n method used by Yahoo's experimental DomainKeys protocol and was
> once considered for usage for the DKIM protocol. However, since it
> was determined the NOFWS c14n exhibited some replay security threats,
> it is expected for STRIP c14n to also inherit the same security
> The security concern stated in the final sentence was addressed in
> this proposal.
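As an added illustration, not code from the thread or from the STRIP I-D, the script below implements the RFC 6376 "simple" and "relaxed" body canonicalizations, a STRIP-like variant as I read the quoted description (assumption: relaxed, then every CR and LF dropped before hashing; the I-D's exact rules may differ), and the verifier retry suggested above. It shows that one extra blank line after the headers breaks the simple and relaxed bh= values, that the retry recovers, and that STRIP survives the extra line at the cost of no longer binding line structure, which is the replay trade-off the thread raises.

```python
import base64
import hashlib
import re

def simple_body(body: bytes) -> bytes:
    """RFC 6376 'simple' body c14n: drop empty trailing lines, end with one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body c14n: collapse WSP runs to one SP, strip line-end WSP,
    drop empty trailing lines; an empty body canonicalizes to the empty string."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""

def strip_body(body: bytes) -> bytes:
    """STRIP-like c14n as described in the thread (assumption: relaxed, then every
    CR and LF removed before hashing); not the I-D's exact algorithm."""
    return relaxed_body(body).replace(b"\r", b"").replace(b"\n", b"")

def body_hash(canon: bytes) -> str:
    """bh= value: base64 of SHA-256 over the canonicalized body."""
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def verify_body(body: bytes, expected_bh: str, canon) -> str:
    """The retry suggested above: on a bh= mismatch, look for one extra CRLF at the
    start of the body (what an aliasing MLM can insert) and re-verify without it."""
    if body_hash(canon(body)) == expected_bh:
        return "pass"
    if body.startswith(b"\r\n") and body_hash(canon(body[2:])) == expected_bh:
        return "pass-after-stripping-extra-line"
    return "fail"

# Constructed sample: the body as signed, the same body as echoed by an MLM that
# added a blank line after the headers, and a reflowed copy (one line break moved).
ORIGINAL = b"Hello list,\r\n\r\nThanks  for the help.\r\n"
ECHOED = b"\r\n" + ORIGINAL
REFLOWED = b"Hello list,\r\nThanks for the help.\r\n"

if __name__ == "__main__":
    for name, canon in (("simple", simple_body), ("relaxed", relaxed_body), ("strip", strip_body)):
        same = body_hash(canon(ORIGINAL)) == body_hash(canon(ECHOED))
        print(f"{name:8s} bh= survives the extra line: {same}")
    print("relaxed with retry:", verify_body(ECHOED, body_hash(relaxed_body(ORIGINAL)), relaxed_body))
    # The trade-off the thread points to: STRIP no longer binds line structure, so a
    # reflowed body keeps the same bh= (the replay concern raised about NOFWS).
    print("strip bh= unchanged by reflow:", strip_body(REFLOWED) == strip_body(ORIGINAL))
```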