IETF Logo Mail Archive

Re: [Ietf-dkim] Question about lone CR / LF

Dave Crocker <dhc@dcrocker.net> Sat, 03 February 2024 13:40 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D43A5C15108D for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 05:40:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qtKRwhXJfWWO for <ietf-dkim@ietfa.amsl.com>; Sat, 3 Feb 2024 05:39:57 -0800 (PST)
Received: from cyan.elm.relay.mailchannels.net (cyan.elm.relay.mailchannels.net [23.83.212.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1138CC1CAF34 for <ietf-dkim@ietf.org>; Sat, 3 Feb 2024 05:39:56 -0800 (PST)
X-Sender-Id: hostingeremail|x-authuser|dhc@dcrocker.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id E2591363DC7 for <ietf-dkim@ietf.org>; Sat, 3 Feb 2024 13:39:55 +0000 (UTC)
Received: from uk-fast-smtpout4.hostinger.io (unknown [127.0.0.6]) (Authenticated sender: hostingeremail) by relay.mailchannels.net (Postfix) with ESMTPA id 0BD5F363F0C for <ietf-dkim@ietf.org>; Sat, 3 Feb 2024 13:39:54 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1706967595; a=rsa-sha256; cv=none; b=FxtltwprnU8AbMyCNQVw5iGnEGtcochMej5Ewyct9egIWPQXb6XOfYIrpV5+VqJtwl0jWK FTLAYbIAHvpseKikF4fwvcZ4PjgWJOWuM/I3uPDbuXXo6atXmI6YI5LHjSnsm6hzUxDuM6 PEr970n8UU9RwMiFR1xOV6svGIvmesQ6w7VBw7545Cdg/ZVgfeAAMC9yjs2of779zgwLG/ cDbDhlyblFw3C33RiTliSDH6GbEA2cDgYrYHZrAif/jQbn3nUZ1L1dl4KC7FGdPuo/s8Hg +l9U8cdoLXOkNmZMgAe8M4frN1dpHioYrudjI9TFQD6J6z0l9k339BZ07BLeJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1706967595; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:dkim-signature; bh=Lla/eT8Psu2Xt1lSHGPtJuFs+j7m2MbSPJgWOzURDaY=; b=kOhsOzQzogPcxkaObpl+NeGqnHLMFaDVxDs98dfMAULxLKGDuDTsaHQHqMIU9uSSi2FANN zYH7WWgjl8ZDfDr9fQVDthvDHO78lPaaBv2fUcjaRKgjM3vGJyDOl966xVg/7r0XJB8Yei AMN/fEwDJoJGenoqDWc1bvmUtTIjc1RozpD+yi302ezJpfgfjFdMemm/41VpPT+Z+7obLJ avPH9wBQQ5WGo4f6Odeh8FdB9fGlPXLRubxvmmf7C0OHfizbzWFem6TrpdbLCWmc4cfrr7 kRw2EOf5yc0BGDfCVP7DyKQfQoTQByEp/xnrZSJr9yhfIHICoxc3HnjveodJtQ==
ARC-Authentication-Results: i=1; rspamd-55b4bfd7cb-qggvv; auth=pass smtp.auth=hostingeremail smtp.mailfrom=dhc@dcrocker.net
X-Sender-Id: hostingeremail|x-authuser|dhc@dcrocker.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authuser|dhc@dcrocker.net
X-MailChannels-Auth-Id: hostingeremail
X-Whispering-Obese: 1587e46308b1aaed_1706967595738_2710910453
X-MC-Loop-Signature: 1706967595737:3148405238
X-MC-Ingress-Time: 1706967595737
Received: from uk-fast-smtpout4.hostinger.io (uk-fast-smtpout4.hostinger.io [31.220.23.38]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.102.32.103 (trex/6.9.2); Sat, 03 Feb 2024 13:39:55 +0000
Content-Type: multipart/alternative; boundary="------------4UlH9W5ugosJTd0YUL51dwtF"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcrocker.net; s=hostingermail-a; t=1706967592; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=Lla/eT8Psu2Xt1lSHGPtJuFs+j7m2MbSPJgWOzURDaY=; b=CXFU7tVgTjjmvGRsfkTmyRslrMzfPFSvSCYq9xWevLh6G6FxyJXRFG0AGzCxrj1KEcqGfl gHBz5UvvG+GPlyCZ1ojRtuyUXkMvis/wohGHbkpAVs6K8R1k89/GoiqcLx9w1DFXtMW5fo yfZGijMBTphOfyipI54Ar1XfGVRaLmhbb0lR1Kn0/+7TLaZsfPMaDmmz1NBsTQKQmPYMzW 8pMRBhugvXLxpe/m3pORKEU3y0ZfQVgFUpTCkBRGmi+nYTkf2I81RnkEJ5G0oG1Fp3vvdp 9J8aLOqgu+lUKg4uGqCuU4Ed+zwpYPhbUonOpM8Up1mZjJNSd0snmUx3YSD2Eg==
Message-ID: <f9c11d1a-7799-4946-b95e-7c9c682d60ba@dcrocker.net>
Date: Sat, 03 Feb 2024 05:39:51 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: John Levine <johnl@taugh.com>
References: <20240202043446.AAF26820F0AD@ary.qy>
Content-Language: en-US
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Cc: ietf-dkim@ietf.org
Reply-To: dcrocker@bbiw.net
In-Reply-To: <20240202043446.AAF26820F0AD@ary.qy>
X-CM-Analysis: v=2.4 cv=RsPDLjmK c=1 sm=1 tr=0 ts=65be4228 a=f+oD5hTMMv8HtluUlp4ziA==:117 a=f+oD5hTMMv8HtluUlp4ziA==:17 a=r77TgQKjGQsHNAKrUKIA:9 a=k7Ga1wGzAAAA:8 a=mPY55APdGD1gCgxbZ4cA:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=0skROM1ysBOsnNXvLmAA:9 a=psSeKZfm_wbK9oaS:21 a=_W_S_7VecoQA:10 a=lqcHg5cX4UMA:10 a=ijMaxGghyylP-n2pFjDB:22
X-CM-Envelope: MS4xfD4ukjw1oPuBs8tHsjF64OUmMEndCdTPflKYcb+s/QU1x3zUX1mV2+GuCfzo//+GsolokaxnQvYb1lDLh0IF8zUnrqBA9jG5r0S8XIYlXU5VMsEKHKfp 1EXbaEoZjjamVbYS8mLs2PyPBtbmnocl182ilaCLCU4XVTAYvZIrfCbJcdkzEB7sX1j9Yyof6o6u7NREP1/rF9AjBOlNSsaywNc=
X-AuthUser: dhc@dcrocker.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Y1IhT650X-ELGtzJl0cesO5Yae4>
Subject: Re: [Ietf-dkim] Question about lone CR / LF
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2024 13:40:01 -0000

On 2/1/2024 8:34 PM, John Levine wrote:
> I can see that you have strong opinions about what a DKIM verifier
> should do with those non-5322 blobs, but I don't see what the basis
> for that is, and for that matter, I don't really understand what you
> expect code to do with them.  Why is "stop and report failure" any
> less valid than anything else?


I thought I supplied the key point in my response to Jon:

> A 5322 processor gets to decide what is a valid message.  That's not 
> DKIM's job.  And DKIM has no inherent reason to care about CR or LF on 
> their own, as distinct from any other character on its own.


You moved things to the concept of layering, which wasn't quite the 
concern I was raising, but is probably reasonable as an encompassing 
construct.

You claimed DKIM has never conformed to layering and I asked you to 
explain.  I explained why there is no obvious basis for your assessment, 
especially since the example you gave appears to have nothing to do with 
layering, given that what you cited is something entirely internal to DKIM.

I didn't see a clarification from you, about this.


But since these foundational points aren't sufficient for you, I'll 
elaborate, although having to discuss the benefits of design and coding 
discipline is a bit surprising.  It made sense 40 or 50 years ago, when 
software engineering was an emerging discipline, but I'd thought the 
industry was a bit more mature than that by now.

Having a DKIM module check for one aspect of RFC5322 conformance -- 
raises a need to make it a full RFC5322 compliance engine.

If it doesn't, then the  attention to compliance is a random walk 
through whatever concerns are fashionable at the moment.  That is, is 
sprinkles stray bits of compliance code in a place that won't be -- and 
shouldn't be -- expected to have it.

As maintenance nightmares go, over the long term, this is a pretty 
classic example.  As things related to RFC5322 change over time, and 
personnel changes remove specialized knowledge, it will not be obvious 
to check whether this module needs changing.

When a DKIM module is invoked, it should be invoked with necessary input 
validation checking already done.  If it hasn't been, then there are 
larger system problems that stray bits of code in the DKIM module won't fix.

d/

ps. Yes, I do have strong feelings about thoughtful design discipline.  
It usually produces cleaner, simpler, clearer results.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social

v2.23.0 | Report a Bug | By Email