ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] New canonicalizations

2011-05-25 11:45:58
from [Hector Santos] [Permanent Link] 
Alessandro Vesely wrote:

3) For text parts, completely remove /any/ whitespace.  Additionally,
remove most punctuation, especially from begin and end of lines.


Do we really need this?  Do you know of cases related to this?


The idea is to anticipate any unknown signature breaker.  My three
points above are rather generic.  They are meant to be expanded so as
to include your five points below, and more.

I think it is quite obvious that MIME rewriting generates new
boundaries, and may alter an entity's header.

Non-text binary content that arrives corrupted deserves breaking a
signature.  However, a rewriter may decode a base64 entity for local
storage, and then re-encode it with a different line length.

Text undergoes any kind of massage, trailing "=" may be leftover,
CRLFs may be doubled, "From " turned into ">From ", besides the
leading dots you mention in point five.


Why not just DKIM Signer ALWAYS  base64 a MIME message/rfc822, sign it 
and thats it? :)


  4 - Lines over 998 (1000 with CRLF), this is an invalid RFC5322, but
      its possible some verifiers are designed to do a buffered C14N
      and don't check for RFC5322 line lengths between two memory points
      in the buffer as oppose as a line by line feed into the C14N
      function.  Why buffer vs line?  speed.


I imagined the C14N function reads characters one by one.  On finding
CRLF it can go back a few bytes to remove end-of-line punctuation.
However you code c14n(), it will be sparklingly faster than sha256().


The code can be written to do the C14N first, then do a time hash 
call, or you can do it on the fly C14N/HASH.  I use memory file maps 
to deal any potential large mail and the line parsing doesn't hurt speed.


and I just found a yet another problem which I was currently 
investigating to see where it this "mite" is occurring:

  5 - Incorrect handling of lines beginning with dots, for example
      I sent a message containing a line beginning with:


Yes, dot is one of the punctuation characters that should be removed.


This turned out to be a bug in our beta code, revamped to support I/O 
completion ports and the code for undotting of the leading dot (per 
RFC5321 4.5.2) fell thru the crack.  So we can nix this one. :)

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] No signatures, bad signatures, cousin domains, Murray S. Kucherawy
Next by Date:  Re: [ietf-dkim] New canonicalizations, John Levine
Previous by Thread:  Re: [ietf-dkim] New canonicalizations, Alessandro Vesely
Next by Thread:  Re: [ietf-dkim] New canonicalizations, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]