On 2017-01-17, Lena@??? <Lena@???> wrote:
>> From: Ivo Truxa
>
>> I can reliably reproduce the DKIM failure - it is enough
>> to send an email from Gmail with the body size
>> (may include an attachment) bigger than 65536 bytes
>> (the size of an unsigned short integer).
>
> Gmail's incoming MX advertises CHUNKING but doesn't advertise BINARYMIME.
> What you noticed means that if a recipient's MX does the same
> then Gmail's outgoing MTA sends ordinary messages (without BINARYMIME)
> in 64K chunks. What for???
>
> After reading
> https://tools.ietf.org/html/rfc1830
> https://tools.ietf.org/html/rfc3030
> I got a paranoidal suspicion that CHUNKING is a NSA plot
> to create predictable data (BDAT commands) at predictable places
> (every 64K) in order to be able to decrypt sniffed STARTTLS transmissions.
> I very much doubt that Exim will ever support automatic
> conversion of usual messages with base64-encoded attachments
> to BINARYMIME or back. Right?
> If so, what's the sense to support CHUNKING?
SFAICT there's no restriction on chunk size (other than SMTP command-length limits)
presumably it's provided as a means for binary messages to be
processed on the fly, without the whole message needing to be
translated into wire format and the octets counted before
sending can start.
Thus binary messages can be sent through a pipeline (that translates their
contents) and sent out without buffering the full pipeline output.
If you're worried about NSA. using gmail is probably not a good idea.
Also chunk size can in theory be randomised which should help with
security.
--
This email has not been checked by half-arsed antivirus software
