DKIM Deployment

[Jesse Thompson <>]

On 1/14/2010 5:13 AM, Jose-Marcio Martins da Cruz wrote:
> Serge Aumont wrote:
> > On 14/01/10 01:37, Dave CROCKER wrote:
> > > On 1/13/2010 4:27 PM, Jim Fenton wrote:
> > > > > 1. changing the case of header names
> > > > > e.g. s/Message\-ID/Message\-id/
> > > > >
> > > > > #2. changing the value of the Content-type header
> > > > > # s/charset=us\-ascii/CHARSET=US\-ASCII/
> > > > > # this one might be due to a misconfiguration
> > > > These are both pretty silly -- changing the case of case-insensitive
> > > > values.
> > > Actually, what's silly is having an algorithm that /cares/ about case,
> > > for a case-insensitive string...
> > Do you mean that DKIM canonicalization algorithm should convert all
> > headers when preparing message from signature or verification ?
>
> There were two examples :
>
> * converting header names (name, not value) to low/high case doesn't
> seem to me a big problem, as headers are some sort of structured
> information. Message body isn't. So, why not ?

yeah, that makes sense to me.


> * reformating dates in a received header inserted by some one other...
> is a more complex operation and opens the door to many other questions...
>
>  > Received: from [128.104.19.133] by web81602.mail.mud.yahoo.com via
> HTTP; Wed,
>  >- 13 Jan 2010 08:22:31 -0800 (PST)
>  >-Message-id: 
> <>
>  >+ 13 Jan 2010 08:22:31 PST
>  >+Message-ID: 
> <>
>
> Converting headers case before signing and verification may be a problem
> in some cases. Headers names are case insensitive, but headers value
> aren't allways. E.g. an email address information in From and To headers
> is case insensitive, but the subject isn't.

Oh sorry, my previous remarks referring to the Date header is incorrect. 
 You're right, it's the Received headers that are being changed.  (as 
background, this Info-IMS topic was originally brought up by someone 
else, who is claiming that SJSMS is modifying the Date header.  This 
explains why I misconstrued the headers in my remarks.)

I am less sympathetic for need for a relaying MTA modifying received 
headers.  I could push this with Ned, I suppose, but I'm sure he will 
have a good reason.  Or maybe Yahoo shouldn't be hashing against the 
received headers in the first place?

Lastly, the 2nd example (the conversion of the case in the Content-Type 
header) looks to be something related to local processing that I might 
be able to resolve with a configuration change.

Jesse


> IMHO, as long as possible, DKIM should avoid any heuristics needing some
> semantics interpretation.

--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM:

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature