[ietf-dkim] New canonicalizations
Murray S. Kucherawy
msk at cloudmark.com
Fri May 27 10:16:38 PDT 2011
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Alessandro Vesely
> Sent: Friday, May 27, 2011 10:09 AM
> To: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] New canonicalizations
> By introducing a loose canonicalization we may learn whether signature
> survivability affects DKIM adoption. If wider usage introduces
> attacks, we can switch back to current canonicalizations --in case
> downgrades will have gone away-- or design yet another one,
> approaching just the tightness we need. My appeal is for not imposing
> monotonicity to successive approximations, and allow erring on the
> too-lose side as well.
So what, for example, would you do differently? The unfortunate thing about the way the crypto works is that you get a failure, but you don't know for sure what changed other than "it was in the header" or "it was in the body". "z=" sometimes gives you details about the former but it's not in widespread use.
I'm all for including experimental code in future releases of our stuff, especially if it's an experiment other implementations are trying. But I need to see a spec first, or enough detail that I could write one.
More information about the ietf-dkim