[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DKIM: c=simple is aspirational

To: Dave Crocker <dcrocker@xxxxxxxx>
Subject: Re: DKIM: c=simple is aspirational
From: Jim Fenton <fenton@xxxxxxxxx>
Date: Mon, 18 Jul 2005 11:14:51 -0700
Cc: Michael Thomas <mike@xxxxxxxx>, Earl Hood <earl@xxxxxxxxxxxx>, ietf-mailsig@xxxxxxx
Iim-sig: v:"1.1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1121710395.176256"; x:"432200"; a:"rsa-sha1"; b:"nofws:2850"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2p" "XIweAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRUtW+c43sl9jC" "50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"nerdiyRn7l8sygfT6jKIzCL3ah4my/lJotV081DO9tsNJIhMNBU2OH5v0Y3L657K0EvXPTNN" "nrQgYDXzs7qmb6Vm2VYlh86B6ObQ69fyLJf7/w9ykMmIPGxDPqSBMv7GlxgYRpAM5Z0dKHb0ak3" "z1Shflb2XpeaKtr7BZI7i8WQ="; c:"Date: Mon, 18 Jul 2005 11:14:51 -0700"; c:"From: Jim Fenton <fenton@cisco.com>"; c:"Subject: Re: DKIM: c=3Dsimple is aspirational"
Iim-verify: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
List-id: <ietf-mailsig.imc.org>
List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-mailsig@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Dave Crocker wrote:

 RFC-2822 explictly states that header fields names are to be treated

 case insensitive and the header fields are to be unfolded before any
 further processing is done on the field.



This raises a question I find interesting:  Is the type of DKIM processing the 
same as is meant by the reference you cite?

RFC822/RFC2822 have a focus on process the structure and content of a message. 
Hence they focus on its semantics.

I feel that DKIM should be as forgiving as possible without changing the semantics. If RFC2822 says that header field names are always case insensitive and that the header fields MAY be folded, shouldn't we canonicalize that out?

As for the removal of internal white space in the nowsp canonicalization, if whitespace is something that can't be exploited by an attacker, why not remove it? The only exploit I'm aware of is the somewhat ridiculous "ASCII art" attack where an existing message is respaced to spell out something else in big letters.

The best argument for 'simple' IMO is not that it is aspirational, but that it is a backup plan in case there really is an exploit against nowsp that we're not thinking of. I also think it may also be useful to provide some ability to allow signers to trade off security against survivability.

-Jim

Follow-Ups:
- Re: DKIM: c=simple is aspirational
  - From: Nathaniel Borenstein
- Re: DKIM: c=simple is aspirational
  - From: Earl Hood

References:
- Re: DKIM: c=simple is aspirational
  - From: Dave Crocker

Prev by Date: Re: DKIM: Canonicalization
Next by Date: Re: DKIM: Canonicalization
Previous by thread: Re: DKIM: c=simple is aspirational
Next by thread: Re: DKIM: c=simple is aspirational
Index(es):
- Date
- Thread