Charles Lindsey wrote:
On Mon, 08 Jan 2007 17:27:49 -0000, Eric Allman <eric+dkim(_at_)sendmail(_dot_)org>
wrote:
> Moreover, there remains another case that is ambiguous. Consider:
>   Field: foobar<CRLF>
>   .<CRLF>
> That is a valid RFC 2822 message with NO <body> at all (which is NOT the
> same thing as an empty <body>). Let us apply your revised wording.

Unless there is some other different notation I am unaware of, it is
*not* a valid RFC 2822 message. I believe you meant:

  Field: foobar<CRLF>
  <CRLF>
  .<CRLF>

Why is this important? Well, many reasons, but one good reason is that
there is a lot of code that searches for the first "\r\n\r\n" to find the
header/body separator, i.e., strstr(buffer, "\r\n\r\n");

So we can't continue trying to make sense of malformed messages.

> There is no body, so no action is needed.

But there is a body. It has a dot. Most likely a useless body, but a
body nonetheless. Who knows? Maybe a "single dot" message means
something to someone out there. Maybe it means "Come Home, it's late
and stop by the store and pick up some milk."

> An empty line is a line of zero
> length after removal of the line terminator.
> Not needed.

I think in this regard, being "specific is terrific".

> So what do we pass to the canonicalization? It doesn't say, but the only
> reasonable interpretation would be to pass <empty>. So it appears that an
> absent body canonicalizes differently to an empty body.
>
> ...
>
> But we still have the bizarre situation that an absent body is treated
> differently from an empty body. Can you please confirm that this was
> your intention?

I disagree it is "absent". It isn't. There is a dot. It could have been
a Q or an X, or Z or slash. Let's not begin making judgments on the
quality of message bodies.

As far as I am concerned, we must resolve the deterministic design, not
the abstract design. The technical question for me was if the SIMPLE
c14n must end with <CRLF> bytes. I see the following:

L=0, no hashing is done,
L=1, is not possible or is it?
L=2, means we have a NULL body according to Eric, or is it?
L=3, 1 byte message, or is it?

In other words, it is not technically impossible from a signing
standpoint to perform a SIMPLE c14n with a large body w/o <crlf>, and the
signer only hashes L=X bytes where X is less than the canonicalized text
size.

In other words, you can have 5000 bytes in the message body and still
say l=2.

According to Eric's message, he cleared up this technical question for me.
During verification, you only need to canonicalize up to l=X size, you
don't need to worry about going any further in the feed.

---
HLS
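
Added example, not part of the original post and not taken from any DKIM implementation: the header/body split, "simple" body canonicalization and l= truncation discussed in this thread, in Python. It assumes the wording later published in RFC 4871 section 3.4.3 (trailing empty lines ignored; an absent body or a body without a trailing CRLF gets one CRLF), which postdates this message; the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib

CRLF = b"\r\n"

def split_message(raw):
    """Return (header_block, body). body is None when no empty line follows
    the headers (absent body) and b"" when nothing follows the empty line."""
    cut = raw.find(CRLF + CRLF)      # same search as strstr(buffer, "\r\n\r\n")
    if cut == -1:
        return raw, None
    return raw[:cut + 2], raw[cut + 4:]

def simple_body(body):
    """'simple' body canonicalization: ignore trailing empty lines, then
    ensure a final CRLF (added when the body is absent, empty or unterminated)."""
    data = body or b""
    while data.endswith(CRLF + CRLF):
        data = data[:-2]
    if not data.endswith(CRLF):
        data += CRLF
    return data

def body_hash(body, l=None):
    """base64 SHA-256 over the canonicalized body, cut to l octets if given."""
    canon = simple_body(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:l]            # octets past l are not covered by the hash
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

if __name__ == "__main__":
    samples = {                      # constructed messages from the thread
        "absent body": b"Field: foobar\r\n",
        "empty body": b"Field: foobar\r\n\r\n",
        "single dot": b"Field: foobar\r\n\r\n.\r\n",
    }
    for name, raw in samples.items():
        _, body = split_message(raw)
        print(name, repr(body), repr(simple_body(body)), body_hash(body))
    big = b"XY" + b"z" * 4998        # 5000 octets, no trailing CRLF
    print("l=2 covers only 'XY':", body_hash(big, 2) == body_hash(b"XY", 2))
```

Under that wording an absent body and an empty body both canonicalize to a single CRLF (2 octets), and a one-byte body to 3 octets; anything past the l= count can change without affecting the body hash.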