Re: [Asrg] New DKIM canonicalization to avoid broken signatures
Alessandro Vesely <vesely@tana.it> Thu, 22 July 2010 18:05 UTC
Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC2903A6878 for <asrg@core3.amsl.com>; Thu, 22 Jul 2010 11:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_50=0.001, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HkyZKkflVHMB for <asrg@core3.amsl.com>; Thu, 22 Jul 2010 11:05:17 -0700 (PDT)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id 1E6793A6844 for <asrg@irtf.org>; Thu, 22 Jul 2010 11:05:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tana.it; s=test; t=1279821929; bh=ACCaRjxTIQduQVXgDOzw5ze6aCNdBxlL8ytl+hjiEXQ=; l=1871; h=Message-ID:Date:From:MIME-Version:To:CC:References:In-Reply-To: Content-Transfer-Encoding; b=iJ65Y92c6Q7ZGEAZW9xNZPtGOiKqF3lg6t91NHrE+bZ+rGlg2j7qrmxO+k1uUaz4+ RvvOFlPlq3tWYbJEGR3lCnLSB+t3D48VnRWNU2jQ5qTJgcUhIoZwk/ZtVCYdQaW8Kl t/0da7tckB+sjyavNWvYOjuNJ1wBQ+lnPlSBLvE0=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Thu, 22 Jul 2010 20:05:29 +0200 id 00000000005DC036.000000004C488869.00003BB8
Message-ID: <4C488868.9050909@tana.it>
Date: Thu, 22 Jul 2010 20:05:28 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100711 Thunderbird/3.0.6
MIME-Version: 1.0
To: "Murray S. Kucherawy" <msk@cloudmark.com>
References: <4BDB140D.2030804@tana.it> <BB012BD379D7B046ABE1472D8093C61C01F2841814@EXCH-C2.corp.cloudmark.com>
In-Reply-To: <BB012BD379D7B046ABE1472D8093C61C01F2841814@EXCH-C2.corp.cloudmark.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Charles Lindsey <chl@clerew.man.ac.uk>, Anti-Spam Research Group - IRTF <asrg@irtf.org>
Subject: Re: [Asrg] New DKIM canonicalization to avoid broken signatures
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 18:05:18 -0000
On 30/Apr/10 19:58, Murray S. Kucherawy wrote: >> From: asrg-bounces@irtf.org [mailto:asrg-bounces@irtf.org] On Behalf Of Alessandro Vesely >> We'd need to discuss the details, implement them, and test. >> >> Anyone interested? > > I'm up for the conversation, and OpenDKIM is a decent place to exercise a well-considered alternative canonicalization scheme if the participants can reach consensus. If something comes out of that which makes sense and works, it becomes a candidate for standardization. This just to note that a similar approach --considering MIME entities, that Charles Lindsey called "a somewhat more aggressive canonicalization"-- was introduced about October 2006 [CL1]. One month later, Charles wrote again [CL2], giving a proof of concept in Perl [UNC]. Some of the WG responses may illuminate on why John suggested to change list for this discussion... > But I have no illusions that any of that will be an easy trek, technically I think we'd just need to find a suitable MIME library in C, and experiment so as to come out with "an Internet Draft documenting a new proposed canonicalization" (in Barry's words [BL]). However, before possibly shifting to yet another list (opendkim-*), it may be useful to discuss whether we want to limit signatures to parts that won't be dropped, e.g. using l= or similar tag. For example, alternative HTML text poses a difficulty, because either part can be used, or dropped. How about adding a "part-hash" in each entity's header? > or politically. I'd leave esoteric stuff to somebody else :-) -- [CL1] http://mipassoc.org/pipermail/ietf-dkim/2006q4/006305.html [CL2] http://mipassoc.org/pipermail/ietf-dkim/2006q4/006629.html [UNC] http://www.cs.man.ac.uk/~chl/uncode/uncode.html [BL] http://mipassoc.org/pipermail/ietf-dkim/2006q4/006648.html
- [Asrg] New DKIM canonicalization to avoid broken … Alessandro Vesely
- Re: [Asrg] New DKIM canonicalization to avoid bro… Murray S. Kucherawy
- Re: [Asrg] New DKIM canonicalization to avoid bro… Alessandro Vesely
- Re: [Asrg] New DKIM canonicalization to avoid bro… David Nicol
- Re: [Asrg] New DKIM canonicalization to avoid bro… Alessandro Vesely