Re: [Ietf-dkim] Question about lone CR / LF

John Levine <johnl@taugh.com> Sat, 03 February 2024 20:11 UTC

Date: Sat, 03 Feb 2024 15:11:04 -0500
Message-Id: <20240203201105.1FC79822ABD1@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-dkim@ietf.org
Cc: dcrocker@bbiw.net
In-Reply-To: <46b0e4e6-898a-4ab3-a51c-cc54abb14891@bbiw.net>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/8_BYUHK1xUc5CzSGYX9iFduWTY8>
Subject: Re: [Ietf-dkim] Question about lone CR / LF

It appears that Dave Crocker <dcrocker@bbiw.net> said:
>> Any DKIM signer or verifier already has a state machine looking for CR 
>> and LF to do header or body canonicalization.  When the state machine 
>> runs into a bare CR or LF, it has to do something. The only options 
>> are to produce a wrong result, since there is no correct result, or no 
>> result. (As I said in a recent note to Murray, which wrong result is 
>> likely to vary depending on local file details.)  You seem to be 
>> saying that as a matter of principle it should produce a wrong 
>> result.  I'd rather not.
>
>The state machine has to process /every/ character.  You are focusing on 
>two that have special DKIM meaning, when occurring together, but that's 
>too narrow.  In practical terms, the state engine is evaluating every 
>character.

Sorry, I thought it would be obvious that it already has to treat CR
and LF differently, and it already has special cases for what follows
CR and (on systems that don't turn CRLF to LF on the way in) what
precedes LF.

>In focusing down so narrowly, you've missed the basic point I made:  
>DKIM has no inherent reason to care about these characters' occurring in 
>isolation. ...

Sigh. Except that it already does. You've made it clear that you
believe there is a principled reason to produce invalid signatures
from invalid input. Whatever.

R's,
John
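
The two outcomes debated in this thread, "no result" versus "a wrong result", shown for DKIM `simple` body canonicalization with SHA-256, as an added example that is not part of the original message or of any DKIM implementation. The function names, the `strict` switch and the sample body are constructed for illustration.

```python
import base64
import hashlib

class BareLineEnding(ValueError):
    """The body contains a CR or LF that is not part of a CRLF pair."""

def split_lines(body: bytes, strict: bool = True) -> list[bytes]:
    """Split a body into lines, ending each line only at CRLF.

    strict=True:  a bare CR or LF yields no result (an exception).
    strict=False: a bare CR or LF is kept as ordinary data in the line.
    """
    lines, cur, i = [], bytearray(), 0
    while i < len(body):
        ch = body[i]
        if ch == 0x0D and body[i + 1:i + 2] == b"\n":  # CRLF ends the line
            lines.append(bytes(cur))
            cur.clear()
            i += 2
            continue
        if strict and ch in (0x0D, 0x0A):
            name = "CR" if ch == 0x0D else "LF"
            raise BareLineEnding(f"bare {name} at offset {i}")
        cur.append(ch)
        i += 1
    if cur:
        lines.append(bytes(cur))  # final line that had no CRLF
    return lines

def simple_body_hash(body: bytes, strict: bool = True) -> str:
    """bh= value for c=simple body canonicalization, SHA-256."""
    lines = split_lines(body, strict)
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    canon = b"".join(line + b"\r\n" for line in lines) or b"\r\n"
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def lenient_hashes(body: bytes) -> tuple[str, str]:
    """Hashes from two lenient hosts: one keeps the bytes as received,
    one has a local store that rewrites every bare LF to CRLF first."""
    rewritten = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    return (simple_body_hash(body, strict=False),
            simple_body_hash(rewritten, strict=False))

# Constructed sample body: the first line ends in a bare LF.
SAMPLE = b"line one\nline two\r\n"
```

With `SAMPLE`, `lenient_hashes` returns two different `bh=` values for the same message, while `simple_body_hash(SAMPLE)` raises `BareLineEnding` instead of producing either.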