[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why mailers should not touch the body



>     There are very good reasons to build remailers (and all mail
>     tools) to pass on all the bytes they can, trailing spaces and
>     .sigs included.
> Hugh doesn't say what these reasons are.  They are not obvious to me,

A fair question (though not phrased as one).

The reason to build mailers that faithfully pass on the entire body of
the message, without any kind of alteration, is that it permits you to
send ANY body through that mailer and rely on its faithful arrival at the
destination.

If there are no exceptions to the "ANY body" rule, programs can assume
that the mail system is a black box (you put info in here, it comes out
over there -- you don't care about its guts).  If there are exceptions,
then it becomes more complicated for programs (and humans!) to use the
mail system to pass arbitrary information.

One of the great things about adding checksums to messages is that
mail and news paths which alter messages will be detected and corrected.

I think that if PGP is told that something it signs is text, it should
canonicalize line endings from the local storage format (whether
newlines are CR, LF, or CRLF) and that's it.  If a message passes
through a system that expands all tabs to spaces, the messages is
corrupted and its signature SHOULD not match.  Systems which cannot
represent strings of ASCII/ISO-Latin-1 text characters separated by
line-endings (such as IBM mainframes which assume EBCDIC 80-column
records padded out with trailing blanks) cannot be used "in the
obvious way" to move signed textual email.  The email will have to be
encoded to pass through such non-transparent mail systems -- which
will be sufficiently painful that eventually the mail systems will be
fixed.

It's already a pain that most Internet email won't handle a body consisting
of arbitrary 8-bit bytes.  If they fix that throughout 80% of the Internet,
the other 20% will be forced to go along, or forced to receive an endless
stream of corrupted binaries, uncheckable signatures, etc, from the
fully capable part of the net.

	John Gilmore

PS:  I note that my own mailer, MH, inserts an extra newline at the beginning
of many messages, and probably to the end as well.  A proper body checksum
would detect that and report an error.