DKIM fails at Content-Transfer-Encoding

Posted on 2011-05-19

DomainKeys Identified Mail (DKIM) is used to prevent people from sending spam mails with “from” mail addresses from your domain; you announce with DNS records that you sign all your mails with a RSA key, and everyone can check whether mails have been really sent by you.

For this it hashes (parts of) the body and some headers, and signs these hashes with the private RSA key; the public RSA key is published with DNS. You can for example see my DKIM public key with the following command:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
 
$ dig TXT stbuehler1._domainkey.stbuehler.de.

; <<>> DiG 9.7.3 <<>> TXT stbuehler1._domainkey.stbuehler.de.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38117
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stbuehler1._domainkey.stbuehler.de. IN TXT

;; ANSWER SECTION:
stbuehler1._domainkey.stbuehler.de. 86400 IN TXT "v=DKIM1\; g=*\; k=rsa\; p=MIG
fMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiuq2TzvQJZU3QRkAwrOxGid4aamyykI8y/+LrIhE0j4
yxHOBi2EQQ8UN/oYsrLHuzTe3bC83r/ir5nm3r1Zp+u+0hIBGYUSmektWA/YEJnEFWcqOl80F0arid9
m+pcdvJ4u0rygZDggaNppI5X6g2ZE45gdxmTTF5Z3boqigFDwIDAQAB"

There are some problems with mailing lists (they often modify body and headers, especially the subject), but you can solve these problems by not signing the subject and signing only the initial part of the body; as this system is about preventing spam, the cryptographic requirements are not that high (you should use GPG for everything else).

But recently i stumbled across another serious issue; a friend had some problems with his DKIM setup, where he was able to successfuly verify DKIM signatures from most people, but it failed for one. The log showed it failed verifying the body hash, and so it was clear that something was messing with the body.
After some test mails i saw something suspicious: mails which i got with “Content-Transfer-Encoding: 8bit” would fail for him (but succeed for me), and he got them as “Content-Transfer-Encoding: quoted-printable”. So his mail server didn’t accept 8bit mails, and the origin mail server would change the encoding to quoted-printable, thus modifying the body, and not recalculate the DKIM signature; my mail server did accept the 8bit encoding, so it worked for me.
The reason the setup works with most people is that nearly no one uses 8bit encoding…

So, we found the problem, but whose fault is it?

It turns out the DKIM rfc says you SHOULD always convert your messages to 7bit / quoted-printable encodings…

This basically makes 8bit, which was introduced to save bandwidth when you send (binary) attachments, completely unusable with DKIM.

Imho the body should have been hashed after reverting the content-transfer-encoding, so recoding with a different encoding doesn’t change the hash.

BTW: I don’t recall seeing any DKIM setup howto mentioning that you should disable 8bit encoding…

References:

Generated using nanoc and bootstrap - Last content change: 2013-08-16 14:47