[Dovecot] SIS Implementation

WJCarpenter bill-dovecot at carpenter.org
Sat Aug 15 03:39:40 EEST 2009


> I was thinking things like: upper vs. lowercase characters, different 
> line wrapping lengths, possibly some other weird stuff.. I'd think 
> that all digital signatures break if any of those change? Or do they 
> really parse the headers and calculate the signatures using the 
> decoded base64?

Yes, you will have to perfectly preserve whatever is inside the base64 
or q-p, but that's a different matter from needing to preserve the 
base64 or q-p itself.  base64 and q-p are just schemes for safely 
transporting the message since there is some mild danger of losing the 
8th bit.

These days, standardized digital signature schemes take into account 
legal transformations that can happen during message transmission.  Most 
of them have a canonicalization formula so that things still work.  
However, in early days, various schemes didn't take that into account.  
Luckily, MTAs typically didn't rearrange anything even if they were 
legally allowed to. 

So, I think you should regard all MIME parts as binary (after decoding 
any base64, q-p, or whatever).  If some of them happen to contain plain 
text, so what?  Just perfectly preserve every bit, possibly with 
lossless compression for storage, and everything should work.  (Because 
the SMTP spec has the ridiculous requirement that mail be transmitted 
with CRLF line endings, some mail systems do line-ending conversion to 
the local convention.  That's a nightmare; best to avoid it and just 
store everything as binary.)

> Another issue is that the MIME structure (MIME part sizes, offsets) 
> must match what got saved into dovecot's cache file, but that could be 
> fixed with some extra code.
>

Right.  I assumed that that area of code would need a lot of touching 
anyhow.  If you take my advice and basically discard the base64/q-p 
encoding, you also can't depend on the MIME boundary being unambiguous 
any more.  But if you're reassembling things on the fly from an SIS 
store, you can generate new MIME boundaries if you need them.  All that 
stuff is just wrapping paper.  (Of course, you should check the MIME 
specs to see what you can officially do, but I'm pretty sure most of the 
things that are interesting to do were anticipated.  Even if not, the 
MIME specs only cover message transmission.  You can do whatever you 
want in your local store.)
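
An added illustration, not part of the original message and not Dovecot code: a toy single-instance store keyed by the hash of the decoded part, fed the same constructed attachment base64-wrapped at two different line lengths. `SisStore`, `wrap_b64` and the recorded wrap width are hypothetical names, and the sketch assumes uniformly wrapped base64 with CRLF line endings.

```python
import base64
import hashlib

def wrap_b64(data: bytes, width: int) -> bytes:
    """Base64-encode data, wrapping at `width` characters with CRLF."""
    b64 = base64.b64encode(data)
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return b"\r\n".join(lines) + b"\r\n"

class SisStore:
    """Toy single-instance store: one blob per distinct decoded content."""
    def __init__(self):
        self.blobs = {}

    def put(self, encoded: bytes):
        decoded = base64.b64decode(encoded)       # CR/LF are skipped
        key = hashlib.sha256(decoded).hexdigest()
        self.blobs.setdefault(key, decoded)       # stored once, as binary
        # Per-message metadata: the wrap width seen on the wire, needed
        # only if the original encoded bytes must be regenerated exactly.
        width = len(encoded.split(b"\r\n", 1)[0]) or 76
        return key, width

    def get(self, key: str, width: int = 76) -> bytes:
        return wrap_b64(self.blobs[key], width)

def demo():
    payload = bytes(range(256)) * 4               # constructed sample attachment
    msg_a = wrap_b64(payload, 76)                 # sender A wraps at 76
    msg_b = wrap_b64(payload, 64)                 # sender B wraps at 64
    store = SisStore()
    key_a, width_a = store.put(msg_a)
    key_b, width_b = store.put(msg_b)
    return {
        "encoded_differs": msg_a != msg_b,
        "same_key": key_a == key_b,
        "blobs": len(store.blobs),
        "a_roundtrip": store.get(key_a, width_a) == msg_a,
        "b_roundtrip": store.get(key_b, width_b) == msg_b,
        # Re-encoding with a default width does not reproduce message B.
        "b_default_roundtrip": store.get(key_b) == msg_b,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The decoded content deduplicates to one blob, while a byte-for-byte copy of each original message can only be regenerated when the per-message wrap width is kept alongside the key.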
