ietf-dkim
[Top] [All Lists]

[ietf-dkim] ISSUE: tag l=2 and dealing with leading blank lines for SIMPLE c14n.

2007-01-22 05:44:52
hmmmmm,,

I read the DKIM-BASE specs a few times now and I don't see anything nor do I recall any list discussion about the body content containing leading <CRLF> lines and dealing with them, especially in relationship to the much debated l=2 or SIMPLE c14n "empty" message.

Consider the following RFC 2822 message:

   headers:<CRLF>
   <CRLF>           <-- RFC x2822 header/body delimiter
   <CRLF>           <-- Beginning of body
   12345678<CRLF>
   12345678<CRLF>
   <CRLF>

Here we have 24 message body bytes with 1 leading blank lines.

It would be super silly to set a L=2 to hash only the first two bytes here where the two bytes are <CRLF>. This would result in a facsimile of an of empty message which has an exploitable body altering hole.

I think we need one more LINE of text in the DKIM-BASE.

   "Although it is possible to hash only a part of the
    SIMPLE canonicalized message body, it is highly discouraged
    to hash only two octets if the leading two octets are <CR><LF> and
    there additional non <CR><LF> octets."

I am just winging it above so maybe ERIC or someone else can better state this.

I just think that we went at length to explain the special consideration when L=2 for the SIMPLE c14n "empty" message and the need to add a <CRLF> to the hashing feed if required, that it is probably to also stipulate or highlight that partial hashing should not include hashing only 2 bytes with <CRLF> leading blank lines.

---
HLS






_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html