IETF Logo Mail Archive

Re: [Ietf-dkim] Question about lone CR / LF

Steffen Nurpmeso <steffen@sdaoden.eu> Sat, 03 February 2024 22:19 UTC

Return-Path: <steffen@sdaoden.eu>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 885B4C14F6A4 for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 14:19:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FlZZqkutLr1h for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 14:19:32 -0800 (PST)
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D4D8C14F698 for <ietf-dkim@ietf.org>; Sat, 3 Feb 2024 14:19:31 -0800 (PST)
Date: Sat, 03 Feb 2024 23:19:27 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: John R Levine <johnl@taugh.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, ietf-dkim@ietf.org
Message-ID: <20240203221927.wJyw_3R7@steffen%sdaoden.eu>
In-Reply-To: <7ef08541-e3cf-d356-cba9-85a92a5df9a6@taugh.com>
References: <20240202043446.AAF26820F0AD@ary.qy> <f9c11d1a-7799-4946-b95e-7c9c682d60ba@dcrocker.net> <CAL0qLwZyXV11ZeULceA5sQbStky4ashJgBVmr_=8vaKZkykSiQ@mail.gmail.com> <7ef08541-e3cf-d356-cba9-85a92a5df9a6@taugh.com>
Mail-Followup-To: "John R Levine" <johnl@taugh.com>, "Murray S. Kucherawy" <superuser@gmail.com>, ietf-dkim@ietf.org
User-Agent: s-nail v14.9.24-596-g7894190075
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/0wk8jAcWMQvJIsLxpJYWyVAY4g8>
Subject: Re: [Ietf-dkim] Question about lone CR / LF
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2024 22:19:33 -0000

John R Levine wrote in
 <7ef08541-e3cf-d356-cba9-85a92a5df9a6@taugh.com>:
 |> But on review, it seems like I've tiptoed over that line from
 |> time to time in support of robustness in some form or another. ...
 |
 |It occurs to me that Dave and I have different views of how software is 
 |put together.  His sounds like the waterfall model that was popular when 
 |he and I were undergraduates.  You design the whole thing, you decide what 
 |modules do what, then you code the modules.  So if module A is supposed to 
 |do something, there's no reason for module B to worry about it because A 
 |should already have handled it.
 |
 |My view is more pragmatic.  People assemble programs from pieces and the 
 |pieces have bugs.  So to the extent practical, you defend against things 
 |like bad input.  It happens that bare CR and LF are really easy to check 
 |for in DKIM since as I noted before there's already a state machine that 
 |is looking at the current character and knows if the previous character 
 |was a CR.  So it might as well recognize and reject that particular bit of 
 |bad input, particularly since whatever result it would otherwise produce 
 |isn't likely to be useful.

I cannot "correct" data as it comes in, unless i replace the
entire message with the corrected version, that much is plain.
This is about a cryptographically verifiable signature, so whoever
sits on the receiver end has to be able to reproduce it.

The real-life situation is anyway a disaster, as body content as
such is mostly transparent to SMTP implementations, and address
fields can be messed up, and DKIM implementations make decisions
based on those.  Unfortunately the milter protocol sends headers
as field/body pairs, and the milter has to parse the body itself.
On that front i know no DKIM milter in use which is failure proof.

 |> Maybe this illustrates the difference between pure software engineering \
 |> and
 |> applied software engineering?
 |
 |Yup.
 |
 |R's,
 |John
 |
 |PS:
 |
 |> It also optionally does LF to CRLF translation.  I'm fairly certain \
 |> this is
 |> to accommodate local/human SMTP injections since humans can't be expected
 |> to type CRLFs when entering manual tests from a shell. ...
 |
 |Unix MTAs strip out the CR in CRLF, often on the way in, so by the time 
 |opendkim sees the message, the line endings are just LF.

This is not true for postfix.  Postfix prepares the message for
SMTP, and sends that prepared message to the milter.  I only ever
see CRLF here.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

v2.23.0 | Report a Bug | By Email