On Mon 21/Apr/2025 09:39:22 +0200 Wei Chuang wrote:
> On Sat, Apr 19, 2025 at 6:03 AM Alessandro Vesely wrote:
>> Transparent transformations, such as base64 encoding, must be recognized as
>> such by the algebra. Alternatively, we could require that hashing be performed
>> on the decoded content, but this would be a gratuitous incompatibility
>> with DKIM1.
>>
>> Signers should avoid signing quoted printable stuff, as its many possible
>> variations make any further conversion irreversible. Base64 encoding is
>> reversible as long as column width is 76 characters. I'm saying this after
>> coding it — zdkimfilter 3.0 (Nov 2020) included reversing MLM transformation,
>> which is unreliable as it misses a modification algebra.
>
> Can you expand upon the risk of using quoted printable with text algebra?

If this text/plain message had been encoded as quoted printable, after the ML
conversion to base64, it would never have been possible to reconstruct where
the original soft-breaks were located or which ASCII characters had been
encoded unnecessarily.

Header fields also undergo that kind of change. Google signed this:

    Subject: Re: [Ietf-dkim] Re: Malicious Modification was: My concerns

IETF signed this:

    Subject:
     =?utf-8?q?=5BIetf-dkim=5D_Re=3A_Malicious_Modification_was=3A_My_concerns?=

More subtle, possibly unintentional changes can happen like so:

    Content-Type: text/plain; charset="us-ascii"

vs

    Content-Type: text/plain; charset=us-ascii

While it is relatively easy to detect mime-wrap, footer or similar
transformation, changes in encodings, quotes and comments are difficult or
impossible to guess. Quoted printable can encode each and every character
except alphanumeric with a fixed 76 characters per line. Or it can encode only
non-ASCII characters and insert soft-breaks at the 76th character. Or
something in between. It might make sense to recognize some QP encoding
styles, but then it would be difficult for signers to determine which style of
encoding they are signing. It is much simpler to decode QP and put base64.

By knowing the details of the ML software and its configuration, it is possible
to predict the changes it will make to a given message, so that they can be
described algebraically. Most of these changes can be expressed in just a few
bits. Others, such as unwittingly removed comments, require the full original
text. With this guidance, a verifier can reverse the changes and verify the
original signature.

Best
Ale
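
Added example, not part of the original message or of zdkimfilter: two quoted-printable encodings of the same text hash differently yet collapse to identical bytes once a list converts them to base64, while base64 at 76 columns can be rebuilt from the decoded content alone. The sample text, the two encoding styles and all function names are constructed for illustration, and DKIM canonicalization is left out.

```python
import base64
import hashlib
import quopri

# Constructed sample text (not taken from the thread): one long line with a
# non-ASCII character and a literal '=' so the two QP styles diverge.
BODY = ("Caf\u00e9 price = 3 EUR; the remainder of this line is plain ASCII "
        "filler that pushes it past the 76 column limit.").encode("utf-8")

def qp_encode(data: bytes, literal, width: int = 76) -> bytes:
    """Quoted-printable encode; literal(b) says which bytes stay unencoded."""
    lines, cur = [], ""
    for b in data:
        tok = chr(b) if literal(b) else "=%02X" % b
        if len(cur) + len(tok) > width - 1:  # keep room for the soft-break '='
            lines.append(cur + "=")
            cur = ""
        cur += tok
    lines.append(cur)
    return "\r\n".join(lines).encode("ascii")

def minimal(b: int) -> bool:   # encode only '=' and non-printable/non-ASCII
    return 32 <= b <= 126 and b != 0x3D

def maximal(b: int) -> bool:   # encode everything except ASCII alphanumerics
    return bytes([b]).isalnum()

def b64_76(data: bytes) -> bytes:
    """Base64 with the fixed 76-character line width."""
    raw = base64.b64encode(data)
    return b"\r\n".join(raw[i:i + 76] for i in range(0, len(raw), 76))

def wire_hash(encoded: bytes) -> str:
    """SHA-256 of the encoded bytes; DKIM canonicalization is left out here."""
    return hashlib.sha256(encoded).hexdigest()

def compare() -> dict:
    qp_a, qp_b = qp_encode(BODY, minimal), qp_encode(BODY, maximal)
    # What a list leaves behind after converting either QP form to base64.
    after_a = b64_76(quopri.decodestring(qp_a))
    after_b = b64_76(quopri.decodestring(qp_b))
    # A base64 signer's bytes can be rebuilt from the decoded content alone.
    rebuilt = b64_76(base64.b64decode(after_a))
    return {
        "qp_hashes_differ": wire_hash(qp_a) != wire_hash(qp_b),
        "same_after_list": after_a == after_b,
        "base64_rebuilt": rebuilt == b64_76(BODY),
    }

if __name__ == "__main__":
    print(compare())
```
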