[Asrg] Re: Body signature subgroup and the forwarding project

[Bruce Lilly <blilly at erols.com>]

>  Date: 2005-07-26 22:38
>  From: John Levine <asrg at johnlevine.com>

> Over on the lists where people are working on DKIM and similar
> signature schemes, there's a lot of discussion of message
> canonicalization for signature hashes.  That is, the signature
> involves a hash of the message, but before making the hash, the
> message is cleaned up to make it more likely that the signature will
> still verify after the message passes through a few intermediate mail
> systems, while not letting a bad guy change the message into something
> substantively different.

The root of the problem is various types of modifications made by
SMTP and other transport, and is a well-known problem (see the MIME
RFCs for discussion of a number of issues).  Also see
draft-lilly-extensible-internet-message-format-p01-00.txt and its
companions for a discussion of some of the issues and one possible
approach (in an early stage of development).
  
> Lots of people have strong opinions about various canonicalization
> schemes, but we have precious little data on how messages actually
> change when passing through MTAs.  So I thought a little research
> might be in order.  My plan is to get a bunch of people with different
> MTAs to set up forwarding addresses that forward back to addresses
> here so that I can send them a message, it goes through their MTA and
> returns, and I can now see how the message changed.  My MTA is qmail
> which carefully avoids doing anything to incoming messages other than
> prefixing a Received: header, so it's not hard to isolate the effects
> of the remote MTA.

The issue isn't so much MTAs as network and gateway issues.  E.g. part
of a transport path might permit 8bit or binary transfer while another
part may handle only 7bit content, necessitating conversion by applying
transfer encoding (which isn't permitted if the existing MIME security
multiparts are used, but then if the proposed schemes use something
else, all bets are off).  One or more cycles through X.400 gateways
will result in considerable change (even a single pass in one direction
will cause significant change, but your testing method will only work
for integral numbers of round-trip cycles).  Likewise for gateways to
and from systems that use EBCDIC.  And those that translate to proprietary
mail systems.  Simply passing messages through plain vanilla MTAs in a
pure SMTP context won't reveal much about the problems that can be
encountered in the actual global mail system. 

> I've set up a new subgroup called bodysig.  To subscribe to its list,
> send "subscribe bodysig" to majordomo at asrg.sp.am.

Poor choice of name?  If you're only looking at the (2822) body and not
including the message header in the hash,
a) you're trying to reinvent the wheel; see S/MIME and PGP/MIME for
   signed messages, and/or RFC 1864 (Content-MD5) field for a hash w/o
   PKI requirements
b) you're doing nothing about phishing and related types of forgery of
   message header fields, which seem to be the most prevalent forms of
   spam at the moment.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg