request for change in son-of-rfc2633
"Peter Hesse" <pmhesse@geminisecurity.com> Tue, 11 November 2003 04:13 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA04307 for <smime-archive@lists.ietf.org>; Mon, 10 Nov 2003 23:13:58 -0500 (EST)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAB3gKkT009163 for <ietf-smime-bks@above.proper.com>; Mon, 10 Nov 2003 19:42:20 -0800 (PST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hAB3gKnC009162 for ietf-smime-bks; Mon, 10 Nov 2003 19:42:20 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from lakemtao02.cox.net (lakemtao02.cox.net [68.1.17.243]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hAB3gIkT009150; Mon, 10 Nov 2003 19:42:19 -0800 (PST) (envelope-from pmhesse@geminisecurity.com)
Received: from WJJCUSCLANGSTO1 ([68.101.35.22]) by lakemtao02.cox.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id <20031111034205.OWO2297.lakemtao02.cox.net@WJJCUSCLANGSTO1>; Mon, 10 Nov 2003 22:42:05 -0500
Message-ID: <001101c3a805$c5b5ba70$4d2412ac@jjcus.na.jnj.com>
From: Peter Hesse <pmhesse@geminisecurity.com>
To: ietf-smime@imc.org, ietf-pkix@imc.org
Subject: request for change in son-of-rfc2633
Date: Mon, 10 Nov 2003 22:41:52 -0500
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_000D_01C3A7DB.D5E6B950"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
All, I have recently run into a problem with signed emails not being able to be verified, because of the presence of the word "From" in the first columns of a line of the email message. This email will serve as an example of this potential problem. If your email client sees this message as signed but the signature is invalid, the next paragraph should start with the word "From"--see if it has been modified. From appearing as the first characters after a blank line will result in some email delivery agents (such as sendmail or exim) escaping the word--"From" is replaced with ">From". The reason for this behavior has to do with the UNIX mbox mail storage file format. The mbox format stores multiple messages in one file, and the messages are separated by the word "From" as the first characters following a blank line. Some mail delivery agents do not have this problem (i.e. Exchange), because they do not store messages in the mbox format. Many do, however, resulting in a modification of the message and the signature being invalidated. I would like to request that this issue be more directly dealt with in son-of-RFC2633. (Currently, it is mentioned in the example MIME-encoded message, but nowhere in the text.) One recommendation might be to borrow from RFC2015 (MIME Security with PGP), which states: Though not required, it is generally a good idea to use Quoted- Printable encoding in the first step (writing out the data to be signed in MIME canonical format) if any of the lines in the data begin with "From ", and encode the "F". This will avoid an MTA inserting a ">" in front of the line, thus invalidating the signature! Perhaps this might even be a SHOULD, although I will ask the group to weigh in on that. Thanks, --Peter
- request for change in son-of-rfc2633 Peter Hesse