IETF                                                           A. Vesely
Internet-Draft                                             June 23, 2014
Intended status: Informational
Expires: December 25, 2014


                 DKIM "smooth" header canonicalization
                      draft-vesely-smooth-canon-00

Abstract

   This document describes a new canonicalization algorithm for DKIM,
   designed to be better able to survive transit through intermediaries.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 25, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms
   3.  The "smooth" Header Canonicalization Algorithm
   4.  IANA Considerations
   5.  Security Considerations
   6.  Normative References
   Author's Address

1.  Introduction

   DomainKeys Identified Mail (DKIM [RFC6376]) Signatures only provide
   for two canonicalization algorithms, "simple" and "relaxed".  This
   document describes a new algorithm, "smooth", which is more relaxed
   than the "relaxed" algorithm.  The algorithm is being specified for
   headers only, for the time being.

   The reason to introduce a new algorithm is twofold.  On the one hand,
   many mail transfer agents (MTAs) make slight changes to header field
   syntax, in an attempt to uniformize it.  Such activity does not
   impede local DKIM verification, provided that the latter occurs
   before the former, but breaks verification at further hops.

   On the other hand, using a more robust canonicalization is not enough
   to have the original DKIM Signature survive the transit.  In some
   cases, the original DKIM Signature has to be significantly weaker
   than [RFC6376] recommendations, and additional verifications MAY be
   needed to recover any semantics of trust that might have been
   associated with a signer's role.  Thus, this document can be used as
   a reference for a class of semantics alterations that are being
   introduced.

2.  Terms

   The terms WSP, CRLF, DQUOTE, "comment", and "quoted-string" are
   imported from [RFC5322].

3.  The "smooth" Header Canonicalization Algorithm

   The "smooth" header canonicalization algorithm MUST apply the
   following steps in order:

   o  Convert any word encoded as specified by [RFC2047] into its plain
      UTF-8 value.  For example, convert "=?UTF-8?B?Zm9vCg?=" to "foo".
      Note that character conversion is needed if the original charset
      is not UTF-8.  The format of the resulting value is described in
      Internationalized Email Headers ([RFC6532]).

   o  Convert all header field names (not the header field values) to
      lowercase.  For example, convert "SUBJect: AbC" to "subject: AbC".

   o  Unfold all header field continuation lines as described in
      [RFC5322]; in particular, lines with terminators embedded in
      continued header field values (that is, CRLF sequences followed by
      WSP) MUST be interpreted without the CRLF.  Implementations MUST
      NOT remove the CRLF at the end of the header field value.

   o  Delete all comments, that is, parenthesized text not in a quoted
      string.

   o  Delete all DQUOTE characters defining quoted-strings.  For
      example, convert 'charset="us-ascii"' to 'charset=us-ascii'.
      Escaped DQUOTE characters inside a quoted-string MUST be
      unescaped.  For example, convert '"an \"example\" of escaped
      DQUOTE"' to 'an "example" of escaped DQUOTE'.

   o  Delete all sequences of one or more WSP characters.  WSP
      characters here include those before and after a line folding
      boundary, as well as those before or after the colon separating
      the header field name from the header field value.

4.  IANA Considerations

   There is a registry of DKIM-Signature Canonicalization Header created
   by RFC6376.

5.  Security Considerations

   to be done.

6.  Normative References

   [RFC2047]  Moore, K., "MIME (Multipurpose Internet Mail Extensions)
              Part Three: Message Header Extensions for Non-ASCII Text",
              RFC 2047, November 1996.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              October 2008.

   [RFC6376]  Crocker, D., Hansen, T., and M. Kucherawy, "DomainKeys
              Identified Mail (DKIM) Signatures", STD 76, RFC 6376,
              September 2011.

   [RFC6532]  Yang, A., Steele, S., and N. Freed, "Internationalized
              Email Headers", RFC 6532, February 2012.

Author's Address

   Alessandro Vesely
   v. L. Anelli 13
   Milano, MI  20122
   IT

   Email: vesely@tana.it
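
The steps of Section 3, applied in order to one header field, as an added Python example; it is not part of the draft and is not the author's code. The function names are hypothetical, steps 4 and 5 are merged into a single scanning pass, and leaving an undecodable encoded word unchanged is an assumption, since the draft does not say what to do with one.

```python
import base64
import quopri
import re

ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

def _decode_word(m):
    """Step 1: one RFC 2047 encoded-word to text; malformed words stay as-is."""
    charset, enc, text = m.group(1).split("*")[0], m.group(2).upper(), m.group(3)
    try:
        if enc == "B":
            raw = base64.b64decode(text + "=" * (-len(text) % 4))
        else:
            raw = quopri.decodestring(text.encode("ascii"), header=True)
        return raw.decode(charset)
    except (LookupError, ValueError):
        return m.group(0)

def _strip_comments_and_quotes(value):
    """Steps 4 and 5 in one pass over an unfolded field value."""
    out, depth, quoted, i = [], 0, False, 0
    while i < len(value):
        c = value[i]
        if c == "\\" and i + 1 < len(value) and (quoted or depth):
            if quoted:  # only \" is unescaped; other quoted-pairs are kept
                out.append('"' if value[i + 1] == '"' else value[i:i + 2])
            i += 2
            continue
        if c == '"' and not depth:
            quoted = not quoted          # delimiter itself is dropped
        elif quoted:
            out.append(c)
        elif depth:                      # inside a (nested) comment
            depth += (c == "(") - (c == ")")
        elif c == "(":
            depth = 1
        else:
            out.append(c)
        i += 1
    return "".join(out)

def smooth_header(field):
    """Canonicalize one header field (a str ending in CRLF) per Section 3."""
    field = ENCODED_WORD.sub(_decode_word, field)                # step 1
    name, sep, value = field.partition(":")
    name = name.lower()                                          # step 2
    value = re.sub(r"\r\n(?=[ \t])", "", value.rstrip("\r\n"))   # step 3
    value = _strip_comments_and_quotes(value)                    # steps 4, 5
    return re.sub(r"[ \t]+", "", name + sep + value) + "\r\n"    # step 6
```

A quoted, single-line Content-Type field and its unquoted, refolded form produce the same canonical string, which is the kind of intermediary rewriting the Introduction describes.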