IETF Logo Mail Archive

Re: [Ietf-dkim] Question about lone CR / LF

Dave Crocker <dcrocker@bbiw.net> Sat, 03 February 2024 13:36 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B632C15154A for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 05:36:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bbiw.net header.b="VCfh3+YF"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="eNgkaF+V"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uM1hR_hvHmtr for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 05:36:34 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9037FC151092 for <ietf-dkim@ietf.org>; Sat, 3 Feb 2024 05:36:34 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 24A1F3200B30; Sat, 3 Feb 2024 08:36:26 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sat, 03 Feb 2024 08:36:26 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbiw.net; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1706967385; x=1707053785; bh=DiIkeFcLN9 OuSlBOHd7NwuZF+Pr7lHw0umQGOGn+l3g=; b=VCfh3+YFzTyNpqPyTrN02SVrc2 qdtXdaIOziy56p7DyJVqQc0nPC/tDyERzpOSe2hKhMEDGSjB4cKvSMjma52BbH4D JF6KCXWU1ZwopumGefdvHgj/fuYLq+JSm/RLEgvyjy8bDMlS7Lnj+zT4ywsSv5rO sNBCDMePCWy/SnUsM6HF8roUadDDAcbpq28ExX2MxfhYxwHjphcGcRzRqZ9SbGfH vdoeyT4GHfd0SUDQev4uYSPUGy2wLWfuQP8tft/hddOlahtjuJyE/P8fEJ8JDuzA AkfXOJbrl2lildQG3jdFmtd0vYpkmwzCeTqHlyhg6RpJjtsshbmtcP5Kf37w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1706967385; x=1707053785; bh=DiIkeFcLN9OuSlBOHd7NwuZF+Pr7 lHw0umQGOGn+l3g=; b=eNgkaF+VhpB5B6e7bHHAfAsCC8sQvcD0D7xGGbAbD/5S p9WjUygRjn0m+fiFsvoQeTAtGYYog6QHmKIga+mXkrMdwD9xi1X1XMAd4NwXpzlW 8KtLn5+U/RellQcEAD1yexEUXC+H+zcfXuJNZsWlRFvGgGG3W4PaNW6h4wKBeap7 caFxu8Cp/JUXxTHYYJqTZs1GNujh0to5a6fpCyjcwZl5wceMFycyrfLs/oHqfKyY zFBI2EEhQlN7/tZLVpKlID0wOf3yprSXgN80iFY3kkeEgVWNKCFGfQ/6RuXdkXpz TChJo7BmAfECEEkdHJn4adDgolrcoNrn6/8IyQqanA==
X-ME-Sender: <xms:WUG-ZcLs73MuVpK4O8y0wDo76Y8cKw-j8-VuXTsMgf8-s1VnpsA3qg> <xme:WUG-ZcI2rLKf-xA3453J_IrhkoZbuPc4gc4UHJFJX_HQOsF0f6rohk7L6xtDSVZ5Q Ed6bp-YEEKdphabEQ>
X-ME-Received: <xmr:WUG-Zcv0vXrbYS04qRwK12JT0mC6eJLnZ27Ifc5-75cIL5A7cfPyMbt_kt2UW8Ih_QZciQ7epX6j2Ab-Jyo_L_BMrqtwdAlpi6N_8Z_a>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrfeduiedghedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptgfkffggfgfuvfhfhfhovegjsegrtderredtvdejnecuhfhrohhmpeffrghv vgcuvehrohgtkhgvrhcuoegutghrohgtkhgvrhessggsihifrdhnvghtqeenucggtffrrg htthgvrhhnpeeftdeifffguefhgfehkeevgfevgfelfeetudduhefftdeffeejudektdev uddvkeenucffohhmrghinhepsggsihifrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepuggtrhhotghkvghrsegssghifidrnhgvth
X-ME-Proxy: <xmx:WUG-ZZYI1-ZBXDxoypPZZHhoAnM2P6-llbZ_p6Pnmg7T8AhbsgA2Fg> <xmx:WUG-ZTYw0bV3VODTMfahg96WjvhffMJLqDZt9BLcVHNGxe1xbCWtgw> <xmx:WUG-ZVCnECIc7lP_bduCMCPKEn2bYYA1wtyQqHL4Ec2ZIx0uupAK_w> <xmx:WUG-ZUDAKmzWbWgT_xIJNKdTrWBTLmPkShlkywTSLWm9f2dgCzu0iw>
Feedback-ID: i16d9478d:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 3 Feb 2024 08:36:24 -0500 (EST)
Content-Type: multipart/alternative; boundary="------------uXMvVnGwiUHQM6e037atnc0k"
Message-ID: <52b5c2f3-e52f-403f-becf-813bbaf7b870@bbiw.net>
Date: Sat, 03 Feb 2024 05:36:24 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: John Levine <johnl@taugh.com>
References: <20240202043446.AAF26820F0AD@ary.qy>
Content-Language: en-US
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
Cc: ietf-dkim@ietf.org
In-Reply-To: <20240202043446.AAF26820F0AD@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/2WCfyQ7vU2WRcyx7Ap4gpijd35g>
Subject: Re: [Ietf-dkim] Question about lone CR / LF
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2024 13:36:39 -0000

On 2/1/2024 8:34 PM, John Levine wrote:
> I can see that you have strong opinions about what a DKIM verifier
> should do with those non-5322 blobs, but I don't see what the basis
> for that is, and for that matter, I don't really understand what you
> expect code to do with them.  Why is "stop and report failure" any
> less valid than anything else?


I thought I supplied the key point in my response to Jon:

> A 5322 processor gets to decide what is a valid message.  That's not 
> DKIM's job.  And DKIM has no inherent reason to care about CR or LF on 
> their own, as distinct from any other character on its own.


You moved things to the concept of layering, which wasn't quite the 
concern I was raising, but is probably reasonable as an encompassing 
construct.

You claimed DKIM has never conformed to layering and I asked you to 
explain.  I included an explanation for why there is no obvious basis 
for your assessment, especially since the example you gave appears to 
have nothing to do with layering, given that what you cited is something 
entirely internal to DKIM.

I didn't see a clarification from you, about this.


But since these foundational points aren't sufficient for you, I'll 
elaborate, although having to discuss the benefits of design and coding 
discipline is a bit surprising.  It made sense 40 or 50 years ago, when 
software engineering was an emerging discipline, but I'd thought the 
industry was a bit more mature than that by now.

Having a DKIM module check for one aspect of RFC5322 conformance raises 
a need to make it a full RFC5322 compliance engine.

If it doesn't, then the  attention to compliance is a random walk 
through whatever concerns are fashionable at the moment.  That is, is 
sprinkles stray bits of compliance code in a place that won't be -- and 
shouldn't be -- expected to have it.

As maintenance nightmares go, over the long term, this is a pretty 
classic example.  As things related to RFC5322 change over time, and 
personnel changes remove specialized knowledge, it will not be obvious 
to check whether this module needs changing.

When a DKIM module is invoked, it should be invoked with necessary input 
validation checking already done.  If it hasn't been, then there are 
larger system problems that stray bits of code in the DKIM module won't fix.

d/

ps. Yes, I do have strong feelings about thoughtful design discipline.  
It usually produces cleaner, simpler, clearer results.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social

v2.23.0 | Report a Bug | By Email