On 25/May/11 20:23, Dave CROCKER wrote:
> On 5/25/2011 9:59 AM, John Levine wrote:
>>> The idea is to anticipate any unknown signature breaker.
>>
>> I'm pretty sure that's specifically out of scope.
>>
>> And I promise that whatever you do, short of wrapping the whole
>> message in opaque armor, I can come up with something that will
>> break it.
>
> One might have a goal of attempting to be robust against all forms of
> potential breakage.
>
> That's not likely to be the goal of this sort of exercise. Rather, it will
> be to choose a set of particular types of breakage, ignoring others. For an
> effort like that, it is not meaningful to come up with additional types of
> breakage, since there is no attempt to cover such additional examples.

Of course, a signature cannot survive a deliberate attempt at breaking it. However, earlier analysis considered man-in-the-middle attacks like changing, e.g., "Amoeba yeast" into "Amo ebay east" [Bryan Costales, Thu, 04 Aug 2005]. We don't know how likely such kinds of attacks may be, since only tight canonicalizations were standardized. By introducing a loose canonicalization we may learn whether signature survivability affects DKIM adoption. If wider usage introduces attacks, we can switch back to current canonicalizations --in case downgrades will have gone away-- or design yet another one, approaching just the tightness we need. My appeal is for not imposing monotonicity on successive approximations, and allowing erring on the too-loose side as well.
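The trade-off discussed in this message, as an added example that is not part of the original post: it computes the DKIM body hash (SHA-256, base64, as in `bh=`) under the RFC 6376 `simple` and `relaxed` body canonicalizations and under a hypothetical `loose` one. The `loose` rule here (delete every space and tab inside a line) is an assumption made for illustration, since the message does not define it; the sample bodies are constructed.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 "simple" body: ignore empty lines at the end, end with one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def _per_line(body: bytes, wsp_replacement: bytes) -> bytes:
    # Rewrite each run of SP/HTAB, strip line ends, drop trailing empty lines.
    lines = [re.sub(rb"[ \t]+", wsp_replacement, ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 "relaxed" body: runs of whitespace become a single space.
    return _per_line(body, b" ")

def canon_loose(body: bytes) -> bytes:
    # ASSUMPTION: hypothetical looser rule, all in-line whitespace is deleted.
    return _per_line(body, b"")

def body_hash(body: bytes, canon) -> str:
    # Value a signer would place in bh= for this canonicalization.
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(signed: bytes, received: bytes, canon) -> bool:
    # True when the body hash still verifies after the change in transit.
    return body_hash(signed, canon) == body_hash(received, canon)

# Constructed sample bodies.
SIGNED = b"Amoeba yeast\r\n"
REFLOWED = b"Amoeba  yeast \r\n\r\n"   # benign: extra spaces, trailing blank line
RESPACED = b"Amo ebay east\r\n"        # meaning-changing respacing from the thread

if __name__ == "__main__":
    for name, canon in (("simple", canon_simple), ("relaxed", canon_relaxed),
                        ("loose", canon_loose)):
        print(f"{name:8} reflowed verifies={survives(SIGNED, REFLOWED, canon)} "
              f"respaced verifies={survives(SIGNED, RESPACED, canon)}")
```

The benign reflow breaks `simple` but verifies under `relaxed` and `loose`; the respaced text verifies only under `loose`, which is the cost of the added survivability.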
