[Top] [All Lists]

Re: [ietf-smtp] Stray <LF> in the middle of messages

2020-06-06 15:06:54
On Sat, 06 Jun 2020 14:15:49 -0400, John C Klensin said:
I would add one additional cautionary note: we now have several
security-related tools, in difference degrees of active use,
that digitally sign message bodies, headers, or both.  If
something sees a bare LF and converts it after those signatures
are computed. testing them will typically fail.

I'm unaware of anything that does digital signatures that doesn't
already mandate the use of a canonical encoding that would prevent
a bare LF from escaping.  I suppose that somewhere, somebody wrote
a signature routine that was expecting canonical input and failed to
check for same and flag an error

On the other hand, the case can be made that causing the signature
to invalidate isn't an error - and possibly even rises to a 2119 SHOULD

Attachment: pgprS_Ceqo1p9.pgp
Description: PGP signature

ietf-smtp mailing list