[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DKIM: Canonicalization

To: <arvel@xxxxxxxx>, <ietf-mailsig@xxxxxxx>
Subject: Re: DKIM: Canonicalization
From: Dave Crocker <dhc@xxxxxxxxxxxx>
Date: Mon, 18 Jul 2005 08:14:26 -0700
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
List-id: <ietf-mailsig.imc.org>
List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
Reply-to: Dave Crocker <dcrocker@xxxxxxxx>
Sender: owner-ietf-mailsig@xxxxxxxxxxxx

> >  My main guideline is that the canonicalization process
> >  does not undermine the meaning of the data.
> >
>  I don't understand why preserving the "meaning" of the data is at all
>  relevant.  The canonicalized form is, after all, a transient not intended to
>  be used in place of the true or original form at all.

Making sure we are all very clear about the nature and purpose of 
canonicalization, as used by DKIM, is not a small point.  Should there be 
changes in the language of the draft to try to work harder, at ensuring the 
reader understands this point?

In terms of the engineering challenges/tradeoffs of canonicalization, I found 
one of Mark's notes interesting:

>  In the DKIM space, canonicalization has to serve two goals. One is
>  survivability across common mangling, the second is resistance to abuse. The
>  more flexibility the canonicalization algorithm allows, the more
>  possibilities you allow for re-formatting abuse.
>
>  Essentially all canonicalizations throw away some data - put another way,
>  they  allow the insertion of some data without affecting the results of the
>  verification.
>
>  The question you have to ask is this: if you allow the insertion of some data
>  in a way that does not affect verification, can a bad guy take advantage of
>  that? More importantly can you assure that a bad guy cannot take advantage of
>  that.
....
>
>  Is that a risk today? Maybe not. Is it a risk for new forms of content
>  invented a year from now? Who knows for sure? I for one would not sign my
>  name on the dotted line saying that any sort of canonicalization that
>  ignores some content, is safe from abuse.


  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net

Follow-Ups:
- Re: DKIM: Canonicalization
  - From: Earl Hood
- Re: DKIM: Canonicalization
  - From: Jim Fenton

References:
- Re: DKIM: Canonicalization
  - From: Arvel Hathcock

Prev by Date: Re: MASS BOF Agenda and Proposed charter
Next by Date: Re: DKIM: c=simple is aspirational
Previous by thread: Re: DKIM: Canonicalization
Next by thread: Re: DKIM: Canonicalization
Index(es):
- Date
- Thread