MIME re-encoding considered harmful.

Majordomo 2 is the latest piece of e-mail forwarding software at least one of whose authors considers it a “good thing” to re-encode any MIME parts they touch, and argues that cryptographic signatures that are invalidated in the process are to be blamed on “broken” software on the sender’s end.

The argument is bogus: Ever since 1995’s RFC 1847 (which first specified multipart/signed), not treating the first part of a multipart/signed as opaque has been a violation of applicable standards. RFC 1847 is the basis of both OpenPGP/MIME and S/MIME. The basic idea is to encrypt and hash MIME bodies as they {would be, are} transferred over the wire, with some additional constraints.

But why is multipart/signed the right approach?

First, the “defensive” argument: Re-encoding messages adds complexity to e-mail transport, hence makes errors and problems more likely, without adding any demonstrable benefit. Hence, it is generically evil. Given the elegance and simplicity of RFC 1847, designing MIME signatures in a way that is friendly to re-encoding transport or forwarding agents would be wasteful, add no visible benefit, and make generically evil practices appear less evil. Besides, it’s hardly an option at this point in time.

On the feature side, multipart/signed has the important property of including meta information with a signature: Is this PostScript code to be interpreted as text, or as PostScript? Did they mean to discuss PostScript coding standards, and sign that, or did they really sign the contract that is rendered when you interpret the PostScript code? Building a “canonical format” that lets MIME signatures assure the same set of information would amount to designing a feature-complete replacement for MIME. So, why not just use MIME itself?

(This is not to say that there are no problems with MIME and digital signatures — I’ll be the first to say that MIME’s ambiguities are a real problem. But these are not degrees of freedom that MIME encoders get to choose — these are degrees of freedom introduced by MIME’s “gentle” handling of misformatted messages.)
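
The effect of re-encoding on a signed part is easy to reproduce. The following Python sketch is an added example, not code from the original post or from Majordomo; the sample text, the helper names and the choice of a quoted-printable to base64 conversion are assumptions made for illustration. It compares the decoded content and the SHA-256 digest of the wire bytes, which is the input a multipart/signed signature is computed over.

```python
import base64
import hashlib
import quopri

# Constructed sample content (not from the original post).
TEXT = "Total due: 100 \u20ac, payable to the caf\u00e9 owner.".encode("utf-8")

ENCODERS = {"7bit": bytes, "quoted-printable": quopri.encodestring,
            "base64": base64.b64encode}
DECODERS = {"7bit": bytes, "quoted-printable": quopri.decodestring,
            "base64": base64.b64decode}


def serialize(content: bytes, cte: str) -> bytes:
    """Return one text/plain MIME part as wire bytes (CRLF line ends)."""
    headers = (b"Content-Type: text/plain; charset=utf-8\r\n"
               b"Content-Transfer-Encoding: " + cte.encode("ascii") + b"\r\n")
    return headers + b"\r\n" + ENCODERS[cte](content) + b"\r\n"


def decode(part: bytes) -> bytes:
    """Undo the transfer encoding and return the decoded content."""
    head, _, body = part.partition(b"\r\n\r\n")
    cte = "7bit"
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-transfer-encoding":
            cte = value.strip().decode("ascii").lower()
    return DECODERS[cte](body.rstrip(b"\r\n"))


def reencode(part: bytes, cte: str) -> bytes:
    """A re-encoding forwarder: same content, different wire bytes."""
    return serialize(decode(part), cte)


def digest(part: bytes) -> str:
    """SHA-256 of the wire bytes, the value a signature has to match."""
    return hashlib.sha256(part).hexdigest()


signed_part = serialize(TEXT, "quoted-printable")  # as the sender signed it
forwarded_part = reencode(signed_part, "base64")   # as the forwarder sent it

if __name__ == "__main__":
    print("content unchanged:", decode(signed_part) == decode(forwarded_part))
    print("digest unchanged: ", digest(signed_part) == digest(forwarded_part))
```

The recipient sees identical text in both cases, yet the digest differs, so any signature computed by the sender no longer verifies against the delivered part.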