Re: [Ietf-dkim] Question about lone CR / LF

Dave Crocker <dhc@dcrocker.net> Fri, 02 February 2024 03:18 UTC

Message-ID: <26b61068-9a70-44ce-bde4-240fff1c154c@dcrocker.net>
Date: Thu, 01 Feb 2024 19:18:39 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: John R Levine <johnl@taugh.com>
Cc: ietf-dkim@ietf.org
References: <20240201180340.852B6820560B@ary.qy> <E8C1422D-4A9C-412A-BF5E-D07CABD2BFE2@callas.org> <95f2ba17-a81e-4adc-97d0-6c7387ade5f5@dcrocker.net> <e2753f82-cc7b-d220-cd42-2afb3f5865be@taugh.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Reply-To: dcrocker@bbiw.net
In-Reply-To: <e2753f82-cc7b-d220-cd42-2afb3f5865be@taugh.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/g-G2BnYZvzns4UCiunUftcblY0Y>
Subject: Re: [Ietf-dkim] Question about lone CR / LF

On 2/1/2024 7:05 PM, John R Levine wrote:
> Layering is a fine principle, but it's not how DKIM has ever worked in 
> practice.  Two weeks ago we had a long discussion about oversigning, 
> so DKIM validators can catch messages with multiple From: or Subject: 
> headers which have never been valid in any version of 822/2822/5322 
> but show up anyway.

Please explain how you think DKIM violates layering.

It scans the message; it adds a header field, but it otherwise does not 
modify the message.  Oversigning affects DKIM processing, itself, but 
still does not affect the message itself.

So I don't understand the claim that DKIM does not respect layering.


> For the specific issue of bare CR or LF, I was reminded on another 
> list that there is a trendy attack called SMTP smuggling which depends 
> on mail software inconsistently accepting bare CR or LF, and mail 
> providers are busy patching to fix it.

That has nothing to do with DKIM, of course.

So there might well need to be a separate discussion of these concerns, 
on emailcore, or the like, but not DKIM.

One hopes that discussion distinguishes between protocol architecture 
and details, versus possible implementation problems.  (This is where I 
cite the workshop some Stanford profs had about problems with TCP and it 
turned out it wasn't about the protocol but about an implementation -- a 
distinction they seemed not to have made.  Since the audience included 
Larry Roberts and Barry Leiner, I turned out to offer the softest 
criticisms...)

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
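
The two conditions raised in this thread (bare CR or LF inside a message, and repeated From: or Subject: fields of the kind oversigning is meant to catch) can be checked on the raw bytes a receiver sees. This is an added example, not part of the original message or of any DKIM implementation; the function names and sample messages are constructed for illustration.

```python
import re

# Bare CR = CR not followed by LF; bare LF = LF not preceded by CR.
BARE_CR = re.compile(rb"\r(?!\n)")
BARE_LF = re.compile(rb"(?<!\r)\n")
# Header fields named in the thread that may appear at most once.
SINGLETONS = (b"from", b"subject")

# Constructed sample messages (not real mail).
CLEAN = b"From: a@example.com\r\nSubject: hi\r\n\r\nbody line\r\n"
SUSPECT = (b"From: a@example.com\r\nFrom: b@example.net\r\nSubject: hi\r\n"
           b"\r\nline one\nline two\rline three\r\n")


def find_bare_line_endings(raw: bytes) -> dict:
    """Return byte offsets of every bare CR and bare LF in a raw message."""
    return {
        "bare_cr": [m.start() for m in BARE_CR.finditer(raw)],
        "bare_lf": [m.start() for m in BARE_LF.finditer(raw)],
    }


def duplicated_singletons(raw: bytes) -> dict:
    """Count singleton header fields that occur more than once.

    Only strict CRLF counts as a line ending here, and the header
    section ends at the first empty line (CRLF CRLF).
    """
    header_block = raw.split(b"\r\n\r\n", 1)[0]
    counts = {}
    for line in header_block.split(b"\r\n"):
        if line[:1] in (b" ", b"\t") or b":" not in line:
            continue  # folded continuation line, or not a header field
        name = line.split(b":", 1)[0].strip().lower()
        if name in SINGLETONS:
            counts[name] = counts.get(name, 0) + 1
    return {k.decode(): v for k, v in counts.items() if v > 1}


def audit(raw: bytes) -> dict:
    """Combine both checks; 'clean' is True only when nothing was found."""
    findings = find_bare_line_endings(raw)
    findings["duplicate_headers"] = duplicated_singletons(raw)
    findings["clean"] = not any(findings.values())
    return findings
```
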