[ietf-dkim] 8bit downgrades

[Ian Eiloart]

On 23 May 2011, at 17:10, Hector Santos wrote:

> Ian Eiloart wrote:
>> On 23 May 2011, at 15:19, Hector Santos wrote:
> 
>>>> But why skip? Usually the message won't be downgraded. And even if they are, usually a broken signature will cause no harm.
>>> Thats the problem - define "usually" and also define "no harm."
> 
>> Well, harm will only be done when someone incorrectly punishes a broken signature. They should not do that,
> 
> Rhetorically, why not?  Put another way, why should a receiver tolerate failure, or better, why should DKIM itself - the technology - tolerate failure?  Sounds like DKIM has some inner soul turmoils - a devil on one shoulder and angel on the other.

Because there are known to be paths that break DKIM signatures. And because of this: http://www.apps.ietf.org/rfc/rfc4871.html#sec-6.3

>> so the damage is actually done by the recipient, not by the downgrading.
> 
> Well, thats a difference in two reasonable mindsets - a receiver who views faults as part of the strength of securing a technology and a receiver who tolerates faults - accepts everything including one that are direct and indirectly created and passes the buck to end-users.  I like to believe there exist a commonality where false positive deterministic methods can be use to detect violations of an authentication and integrity technology.
> 
> Rhetorically, its all for nothing, why bother looking at how to fix C14H hashing, talk about content formatting downgrades when failure is tolerated and per specification, deliberately ignored?

Because success has value, if you have a good reputation as a signer.


-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148