A method for describing changes made to an email
draft-gondwana-dkim2-modification-alegbra-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Author Bron Gondwana
Last updated 2024-11-03
Replaced by draft-gondwana-dkim2-mailversion
RFC stream (None)
Formats
txt html xml htmlized bibtex bibxml
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Email authors IPR References Referenced by Nits Search email archive
draft-gondwana-dkim2-modification-alegbra-00 
Network Working Group                                        B. Gondwana
Internet-Draft                                          Fastmail Pty Ltd
Obsoletes: 4686 (if approved)                            3 November 2024
Intended status: Standards Track                                        
Expires: 7 May 2025

            A method for describing changes made to an email
              draft-gondwana-dkim2-modification-alegbra-00

Abstract

   This memo describes a method for describing the changes made to an
   email during common email modifications, for example those caused by
   mailing lists and forwarders.

   While this is general enough to be used for any changes, it is
   anticipated that this method will normally be used for removing added
   data rather than large complex changes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 May 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Gondwana                   Expires 7 May 2025                   [Page 1]
Internet-Draft         Email Modification Algebra          November 2024

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Background and motivations  . . . . . . . . . . . . . . . . .   2
   2.  Difference format - headers . . . . . . . . . . . . . . . . .   2
   3.  Difference format - body  . . . . . . . . . . . . . . . . . .   3
   4.  Signature coverage. . . . . . . . . . . . . . . . . . . . . .   4
   5.  Iterative application . . . . . . . . . . . . . . . . . . . .   4
   6.  Security  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   8.  Informative References  . . . . . . . . . . . . . . . . . . .   5
   Appendix A.  Changes from Earlier Versions  . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Background and motivations

   Currently, when an email is sent with a DKIM signature, the message
   can go through multiple forwarders and still be authenticated,
   however if a single change is made to a header which is covered by
   the signature, or to the body, then the signature no longer validates
   - and it's impossible for the receiver to know what was changed, or
   even if the entire messages content was replaced by an attacker.

   By producing a way to describe changes, the recipient can examine the
   sections which were changed and determine whether the change was
   malicious.  Because each step signs its own changes in DKIM2, this
   also allows the recipient to identify exactly which intermediary
   introduced the malicious change, and adjust their reputation
   accordingly.

2.  Difference format - headers

   For headers, the format is to completely replace all headers with a
   particular name.  For example if you replace the subject and from
   address in an email, then you need to include the complete old
   headers for each of those:

   Header: "DKIM2-Diff-Header:"

Gondwana                   Expires 7 May 2025                   [Page 2]
Internet-Draft         Email Modification Algebra          November 2024

       +=========+================================================+
       | Command | Input                                          |
       +=========+================================================+
       | i       | DKIM2 matching header number                   |
       +---------+------------------------------------------------+
       | b       | replace headers with base64 octet value        |
       +---------+------------------------------------------------+
       | t       | replace headers with raw text characters value |
       +---------+------------------------------------------------+

                                 Table 1

   Example for a message which has had Subject and From replaced, and
   Reply-To added.

   From: brong@fastmailteam.com.dmarc.fail
   To: dkim2@lists.ietf.org
   Reply-To: dkim2@lists.ietf.org
   DKIM2-Diff-Header: i=3;
                      t=Subject,A replacement for DKIM;
                      b=From,YnJvbmdAZmFzdG1haWx0ZWFtLmNvbQo=;
                      t=Reply-To

3.  Difference format - body

   This difference format for the body is inspired by [RFC3284] (The
   VCDIFF Generic Differencing and Compression Data Format).

   Since the transport for the differences is a 7-bit mime header, this
   format has been made simple and human readable.  It is a simple
   program describing ranges of data to copy from the output to recreate
   the input.

   Header: "DKIM2-Diff-Body:"

          +=========+==========================================+
          | Command | Input                                    |
          +=========+==========================================+
          | i       | DKIM2 matching header number             |
          +---------+------------------------------------------+
          | c       | copy offset-length from new-message body |
          +---------+------------------------------------------+
          | b       | insert octets from base64 encoded value  |
          +---------+------------------------------------------+
          | t       | insert raw text of value                 |
          +---------+------------------------------------------+

                                 Table 2

Gondwana                   Expires 7 May 2025                   [Page 3]
Internet-Draft         Email Modification Algebra          November 2024

   Example:

   DKIM2-Diff-Body: i=2;
                    c=0-19452;
                    c=20312-150

   Example - appended to some base64 content; so we need to add back the
   last few characters (and the mime trailer)

   DKIM2-Diff-Body: i=2;
                    c=0-19452;
                    t=aX==;
                    c=20312-150

   Example - a URL was substituted in the content of the body (complex,
   but still easily doable!)

   DKIM2-Diff-Body: i=3;
                    c=0-3542;
                    b=PGEgaHJlZj0iaHR0cHM6Ly93d3cuZXhhb
                      XBsZS5jb20iPkV4YW1wbGU8L2E+Cg==;
                    c=3623-84743

   The decision whether to use 'b' or 't' is up to the system creating
   the diff, however 't' has a limited set of characters that are safe
   to use in headers.

4.  Signature coverage.

   Each DKIM2 signature implicitly covers all DKIM2-Diff-Body and DKIM2-
   Diff-Header headers with an i=N value for the same and lower N values
   as the i= on the DKIM2 header.

5.  Iterative application

   To get back to the original message and confirm that it was
   unchanged, it is necessary to apply this algorith iteratively.

   For example if you receive a message at i=7 for which there is a
   modification to the headers at i=5 and a modification to both headers
   and body at i=3, to recreate the original message you would first
   apply the header changes from i=5, then apply the header and body
   changes for i=3.  If this doesn't create a message which validates
   with the initial i=1 signature, then some hop has corrupted the
   message, and you can check every single DKIM signature in reverse to
   find the first one where the message no longer validates.

Gondwana                   Expires 7 May 2025                   [Page 4]
Internet-Draft         Email Modification Algebra          November 2024

6.  Security

   TBA

7.  IANA Considerations

   TBA

8.  Informative References

   [RFC3284]  Korn, D., MacDonald, J., Mogul, J., and K. Vo, "The VCDIFF
              Generic Differencing and Compression Data Format",
              RFC 3284, DOI 10.17487/RFC3284, June 2002,
              <https://www.rfc-editor.org/rfc/rfc3284>.

Appendix A.  Changes from Earlier Versions

   [[This section to be removed by RFC Editor]]

Author's Address

   Bron Gondwana
   Fastmail Pty Ltd
   Level 2, 114 William Street
   3000
   Australia
   Phone: +61 457 416 436
   Email: brong@fastmailteam.com

Gondwana                   Expires 7 May 2025                   [Page 5]