[ietf-dkim] New canonicalizations
John R. Levine
johnl at iecc.com
Mon May 23 11:14:50 PDT 2011
> If one were to encode somehow an extension indication that "this content was subjected to 8-to-7 downgrade" as a hint that a verifier should do the reverse before verifying, the verifier would have to manage to undo the downgrade in precisely, i.e. byte-for-byte, the same manner that the downgrade was done for it to work. That's a pretty high requirement for interoperability (i.e., it's pretty error-prone), so it requires a specification and it would need to be consistent with the MIME RFCs.
Seems to me that if someone were that desperate to get a signed message
through a downgraded path, they should wrap the whole thing in a
base64 encoded message/rfc822 mime part and send it that way.
This all strikes me as mostly hypothetical, and unlikely to affect more
than a tiny sliver of mail.
The EAI group, which has way more experience with character set issues and
downgrades than we do, tried all sorts of downgrade experiments and
decided that none of them were workable. The current nearly final draft
says that if you want to send an EAI message, you better find a path to
the recipient that can deliver it as is. Perhaps we should take the hint.
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
More information about the ietf-dkim