Re: [ietf-smtp] Stray <LF> in the middle of messages

Valdis Klētnieks <valdis.kletnieks@vt.edu> Sat, 06 June 2020 20:06 UTC

Sender: Valdis Kletnieks <valdis@vt.edu>
From: Valdis Kl=?utf-8?Q?=c4=93?=tnieks <valdis.kletnieks@vt.edu>
X-Google-Original-From: "Valdis Klētnieks" <Valdis.Kletnieks@vt.edu>
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev
To: John C Klensin <john-ietf@jck.com>
Cc: dcrocker@bbiw.net, Leo Gaspard <ietf=40leo.gaspard.io@dmarc.ietf.org>, ietf-smtp@ietf.org
In-Reply-To: <CECAD420DF51202689DE4E81@PSB>
References: <87ftb8p1ii.fsf@llwynog.ekleog.org> <1bf01c85-3276-270b-a517-70bf15e09043@dcrocker.net> <CECAD420DF51202689DE4E81@PSB>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1591473993_5575P"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Sat, 06 Jun 2020 16:06:33 -0400
Message-ID: <444397.1591473993@turing-police>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/nzfjUS5BiHptonsvpZ9Aui_WKCc>
Subject: Re: [ietf-smtp] Stray <LF> in the middle of messages
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>

On Sat, 06 Jun 2020 14:15:49 -0400, John C Klensin said:
> I would add one additional cautionary note: we now have several
> security-related tools, in different degrees of active use,
> that digitally sign message bodies, headers, or both.  If
> something sees a bare LF and converts it after those signatures
> are computed, testing them will typically fail.

I'm unaware of anything that does digital signatures that doesn't
already mandate the use of a canonical encoding that would prevent
a bare LF from escaping.  I suppose that somewhere, somebody wrote
a signature routine that was expecting canonical input and failed to
check for same and flag an error.

On the other hand, the case can be made that causing the signature
to invalidate isn't an error - and possibly even rises to a 2119 SHOULD
fail.
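
The following is an added example, not part of the original message: it models a body hash computed over a body containing a bare LF, a relay that later rewrites that LF as CRLF, and a signer that checks for canonical input and flags an error. The canonicalization functions follow DKIM's "simple" and "relaxed" body algorithms (RFC 6376) as an assumed stand-in for the signing tools discussed; all function names and the sample body are constructed for illustration.

```python
import base64
import hashlib
import re

BARE_LF = re.compile(rb"(?<!\r)\n")   # LF not preceded by CR
BARE_CR = re.compile(rb"\r(?!\n)")    # CR not followed by LF

# Constructed sample body: the second line ends in a bare LF.
SAMPLE = b"line one\r\nline two\nline three\r\n"

def has_bare_newline(body: bytes) -> bool:
    """True if the body is not in canonical CRLF line-ending form."""
    return bool(BARE_LF.search(body) or BARE_CR.search(body))

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end in one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': additionally collapse WSP runs and strip WSP at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon=canon_simple) -> str:
    """Base64 SHA-256 of the canonicalized body; no input validation."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def strict_body_hash(body: bytes, canon=canon_simple) -> str:
    """Hypothetical signer that refuses non-canonical input instead of hashing it."""
    if has_bare_newline(body):
        raise ValueError("body is not in canonical CRLF form")
    return body_hash(body, canon)

def relay_fix_newlines(body: bytes) -> bytes:
    """Hypothetical relay that rewrites each bare LF as CRLF after signing."""
    return BARE_LF.sub(b"\r\n", body)

def survives_relay(body: bytes, canon) -> bool:
    """Does the hash taken before the relay still match the body after it?"""
    return body_hash(body, canon) == body_hash(relay_fix_newlines(body), canon)

if __name__ == "__main__":
    for canon in (canon_simple, canon_relaxed):
        print(canon.__name__, "hash survives relay:", survives_relay(SAMPLE, canon))
```

Neither canonicalization treats a bare LF as a line ending, so the hash changes under both once the relay rewrites it; the strict signer rejects the same body before any hash is produced.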