Re: [art] not an erratum in RFC 6376, was Argh!!!! onto https://www.rfc-editor.org/errata.php
Steffen Nurpmeso <steffen@sdaoden.eu> Wed, 20 March 2024 22:30 UTC
Return-Path: <steffen@sdaoden.eu>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7060C14F685 for <art@ietfa.amsl.com>; Wed, 20 Mar 2024 15:30:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sdaoden.eu header.b="heovwI9b"; dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=sdaoden.eu header.b="khyvLGeJ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPgHsXSXyz9O for <art@ietfa.amsl.com>; Wed, 20 Mar 2024 15:30:07 -0700 (PDT)
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 135E8C14F682 for <art@ietf.org>; Wed, 20 Mar 2024 15:30:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sdaoden.eu; s=citron; t=1710973801; x=1711640467; h=date:author:from:to:subject: message-id:in-reply-to:references:mail-followup-to:openpgp:blahblahblah: author:from:subject:date:to:cc:resent-date:resent-from:resent-to: resent-cc:in-reply-to:references:mime-version:content-type: content-transfer-encoding:message-id:mail-followup-to:openpgp: blahblahblah; bh=rNxEHfiykIaeWp674ohJYeBYtnoj7AiFg3Fa7rMMLi4=; b=heovwI9bTTf17VdxY8lM5pR66xCHh1mKGNpVLfn08j13KboPBaehu/2V6DurxnIey3/snflj x/teCU/nRqi+z476PzcysGGjZSltZkrs0r4vKAj0WQ8CEQC5X46ZgaFmy1EHjin15obEGnBEy1 YWiRTZPCTm/aAZg4avburzxpuqNUcpJ0hx/mNOUhRLoSfANdXmrMGCFSoRK/B9Wj6Xhv/480ST DzAbYk5Ph5SOHRNKeL72x/d2AAuUb14z++NRyF+ydpK1MbChhpqF4eqG9RjadNmtwc20eC8Syi u0kRgC/XE8aZ9rPCnyuI+ywlnAg8WzlFaqq4w+QYVY0VEesA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=sdaoden.eu; s=orange; t=1710973801; x=1711640467; h=date:author:from:to:subject: message-id:in-reply-to:references:mail-followup-to:openpgp:blahblahblah: author:from:subject:date:to:cc:resent-date:resent-from:resent-to: resent-cc:in-reply-to:references:mime-version:content-type: content-transfer-encoding:message-id:mail-followup-to:openpgp: blahblahblah; bh=rNxEHfiykIaeWp674ohJYeBYtnoj7AiFg3Fa7rMMLi4=; b=khyvLGeJnC0Md8GQeQQxvPZrfevqf2+sA7Yu3iOlA3m5bOKw2qEeHnVaYmLsgn3ZtQYEX6Oe IVaV+RH7srItDQ==
Date: Wed, 20 Mar 2024 23:30:00 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: art@ietf.org
Message-ID: <20240320223000.GvPm_uV2@steffen%sdaoden.eu>
In-Reply-To: <20240320211242.57E4085CEF48@ary.qy>
References: <20240320211242.57E4085CEF48@ary.qy>
Mail-Followup-To: art@ietf.org
User-Agent: s-nail v14.9.24-612-g7e3bfac540
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/6Xf2teBbIh6hRhDfQXIGxWKoQt4>
Subject: Re: [art] not an erratum in RFC 6376, was Argh!!!! onto https://www.rfc-editor.org/errata.php
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 22:30:12 -0000
Hello. (I take you off the address list since i now always seem to get <johnl@taugh.com>: host mx1.taugh.com[64.57.183.56] said: 554 5.6.0 Bare CR or LF not accepted. (in reply to end of DATA command) even though i use postfix 3.9, .. and already before had those new configuration settings.) John Levine wrote in <20240320211242.57E4085CEF48@ary.qy>: |It appears that Steffen Nurpmeso <steffen@sdaoden.eu> said: |>|No, it's correct as is. |>| |>|The first bullet on page 16 says to unfold all the lines, so the CR/LF |>|are gone before it does anything with WSP. |> |>But *that* unfolding refers to exactly CRLF alone, because only |>this combination is allowed by RFC 5322. |>I .. now you make me a bit unsure, but i really think i did test |>both, removing lone CR and LF, as well as treating them literally. | |Since unpaired CR and LF are not valid in a 5322 message, if you see a |message that contains one of them, you can do whatever you want. My |preference would be to have the signature fail since there is no |reason to expect that the other end will do the same thing you do. | |We quite deliberately did not speculate about what one might do with |a block of text that is sort of like a 5322 message but isn't one. But .. that is what happens in real life software? Maybe one should even add a paragraph stating that, and mention the Sendmail milter protocol, which possibly is the culprit of what happens. (Though _why_ that is, since the other possibilities would have worked out just equally well? Ie, literal bytes or simple stripping. I cannot tell, i was not around anything email around 2006-2011 when that seems to have been developed.) I did ask on -dkim@ and implemented as written and said, but DKIM verification fails for such multiline headers from milter communication if RFC 6376 is followed exactly. (Thankfully DKIM has a certificate test mode built-in, otherwise some reputation downgrade (if at all possible in my case) would surely have kicked in! It is a great standard!) I mean, i am not the best person to add an errata. It is not a real errata in that sense, but a change to the standard, as i said on -dkim. But it is reality, and the OpenDKIM code i have (now had) was from 2015. Sure, any new implementor will sooner or later stumble over failed verifications, and then figure out what is going on. But intentionally keeping the standard "as-is" seems broken behaviour, imho. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
- Re: [art] not an erratum in RFC 6376, was Argh!!!… John Levine
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Steffen Nurpmeso
- Re: [art] not an erratum in RFC 6376, was Argh!!!… John Levine
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Murray S. Kucherawy
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Steffen Nurpmeso
- Re: [art] not an erratum in RFC 6376, was Argh!!!… John Levine
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Steffen Nurpmeso
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Rob Sayre
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Steffen Nurpmeso
- Re: [art] not an erratum in RFC 6376, was Argh!!!… John C Klensin
- Re: [art] not an erratum in RFC 6376, was Argh!!!… Steffen Nurpmeso