[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DKIM: c=simple is aspirational

To: ietf-mailsig@xxxxxxx
Subject: Re: DKIM: c=simple is aspirational
From: <domainkeys-feedbackbase02@xxxxxxxxx>
Date: Sat, 16 Jul 2005 23:58:22 -0700 (PDT)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=OLXauO8nM9cfgQKYCP8TgdXEVSnAoHxncS/XCJExVc83MQZfxjBzSoCmCT4x72qlU/QAUrHSbVQ8Cte2iR70O3HiAqaFHh3XOHXnkPqYEE3UyGl9v4db6MlrxrquzKHT2SxQOgsKh7MJGE2/UhfYFa8ABlUDePcISvCO6e2Euzo= ;
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
List-id: <ietf-mailsig.imc.org>
List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
Reply-to: domainkeys-feedbackbase02@xxxxxxxxx
Sender: owner-ietf-mailsig@xxxxxxxxxxxx

--- Michael Thomas <mike@xxxxxxxx> wrote:

> you're missing one use case of simple which doesn't have an
> dependencies on aspirations: the case were a signer would rather
> the signature break -- with even the possibility of discard.
> For example, statements@xxxxxxxxxxx probably does not want anything
> monkeyed with their statement, and is willing to tolerate the
> risk of manglers.

Ahh yes. Good point. I keep forgetting that. The other point is that *any*
canonicalization that allows
removal or replacement has *some* risk of abuse. If it turns out that a
deployed "nowsp" is vulnerable, we have a choice of a fork-lift upgrade to
introduce a safer canonicalization - if that is the only canonicalization
available, or a config upgrade to switch to "simple" if we deploy with multiple
canonicalizations.

Mark.

References:
- Re: DKIM: c=simple is aspirational
  - From: Michael Thomas

Prev by Date: Content-Digest: TEXT canonicalization
Next by Date: Re: DKIM: Canonicalization
Previous by thread: Why DKIM useful and different from PGP or S/MIME
Next by thread: Re: DKIM: c=simple is aspirational
Index(es):
- Date
- Thread