[ietf-dkim] New canonicalizations
vesely at tana.it
Tue May 31 09:43:44 PDT 2011
On 31/May/11 00:23, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: On Behalf Of Steve Atkins
>> The most obvious thing that MLMs do that invalidate signatures are 1.
>> append content to the body and 2. prepend content to the subject line.
>> Any approach that allows me to replay messages while making those
>> changes seems to open the door to abuse.
While that's true for MLM, I'm not sure it correctly reflects MTAs'
behaviors. In particular, the X-MIME-AUTOCONVERT feature and whatever
may cause MIME rewriting. This is MTA-specific, and affects MLMs as
well as dot-forwards.
Pareto has been discussed enough, so I don't comment on the fact that
such minor part of the traffic would demand complicated and expensive
implementations to go through correctly.
> Agree on all counts. And I talked to the Mailman people, for
> example, about a modified header canonicalization that deals with
> Subject: tagging, and they also agreed it wouldn't help that much
> since that's not the most common change made that would invalidate
> the signatures.
Yeah, reply messages have subject-tags already in place. If MLM
subscriptions were known at submission time, tag addition before
signing could be easily done by MSAs, MUAs, or manually by users.
More information about the ietf-dkim