Re: [EAI] Re: "7. Upgrading downgraded header"

On Sat, 10 Mar 2007 16:33:12 -0000, Frank Ellermann <nobody at xyzzy.claranet.de> wrote:

Kari Hurtta wrote:

| o  If each mail header has [RFC2047] encoded part and which encoding
|      is "UTF-8", it may be a downgraded header, so decode it.

That algorithm does not necessarily produce the original result.

What differences can arise? I can see that folding may get changed,
and whitespace may get mucked about, but is there anything else?

Changes of folding should be acceptable (and will even lead to correct
DKIM signature interpretation if the 'relaxed' canonicalization is
used).

Also, a header field is not necessarily a downgraded header field.

In other words any valid 2321 or 2047 =?UTF-8...?= encoded word could be encoded in the original message/utf-8 (before downgrading). Then "upgrading" it would replace the encoded word by native UTF-8. And that could cause havoc for header signatures. But we know this, the issue has to be noted somewhere (maybe as "security consideration").

Which implies that any RFC2047 stuff should be unscrambled before computing the hash for the signature. That would mean a different canonicalization algorithm, but if a special canonicalization algorithm is needed for DKIM-signing of UTF8SMTP messages, then that is not a showstopper.


--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 ;    Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5


_______________________________________________
IMA mailing list
IMA at ietf.org
https://www1.ietf.org/mailman/listinfo/ima
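
The point discussed in the message above, as an added example that is not part of the original thread: under DKIM 'relaxed' header canonicalization a refolded field hashes the same, an "upgraded" field does not, and decoding encoded-words before hashing makes all three agree. The sample Subject field and the function names are constructed for illustration, and a per-field SHA-256 stands in for the real DKIM header hash, which covers all signed fields together.

```python
import base64
import hashlib
import quopri
import re

# An RFC 2047 encoded-word whose charset is UTF-8, the only kind the quoted draft step decodes.
EW = r"=\?utf-8\?([bq])\?([^?\s]*)\?="

def relaxed_header(field: str) -> bytes:
    """DKIM 'relaxed' header canonicalization (RFC 6376, section 3.4.2)."""
    name, _, value = field.partition(":")
    value = re.sub(r"\r\n(?=[ \t])", "", value)           # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \r\n")  # collapse WSP runs, trim both ends
    return f"{name.strip().lower()}:{value}\r\n".encode("utf-8")

def upgrade(field: str) -> str:
    """Replace UTF-8 encoded-words in the field with native UTF-8 (the 'upgrade' step)."""
    def decode(m: re.Match) -> str:
        raw = (base64.b64decode(m.group(2)) if m.group(1).lower() == "b"
               else quopri.decodestring(m.group(2).encode("ascii"), header=True))
        return raw.decode("utf-8")
    # Whitespace between adjacent encoded-words is not part of the text (RFC 2047, 6.2).
    field = re.sub(rf"({EW})\s+(?={EW})", r"\1", field, flags=re.I)
    return re.sub(EW, decode, field, flags=re.I)

def field_digest(field: str) -> str:
    """Hash of the relaxed form; simplified stand-in for the DKIM header hash."""
    return hashlib.sha256(relaxed_header(field)).hexdigest()

def decoded_digest(field: str) -> str:
    """Hypothetical canonicalization variant: decode encoded-words first, then hash."""
    return field_digest(upgrade(field))

# Constructed sample: the field as the signer saw it.
SIGNED = "Subject: =?UTF-8?B?R3LDvMOfZQ==?= from the list\r\n"
# The same field after a relay changed only folding and whitespace.
REFOLDED = "Subject:   =?UTF-8?B?R3LDvMOfZQ==?=\r\n\tfrom  the list\r\n"
# The same field after a receiver replaced the encoded-word with raw UTF-8.
UPGRADED = upgrade(SIGNED)

if __name__ == "__main__":
    for label, f in (("signed", SIGNED), ("refolded", REFOLDED), ("upgraded", UPGRADED)):
        print(f"{label:9} relaxed={field_digest(f)[:16]}  decoded-first={decoded_digest(f)[:16]}")
```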



