[Fwd: Re: [ietf-dkim] canonicalized null body and dkim]

Charles Lindsey chl at clerew.man.ac.uk
Sat Dec 30 05:05:06 PST 2006


On Sat, 23 Dec 2006 00:39:07 -0000, Hector Santos <hsantos at santronics.com>  
wrote:

> Charles Lindsey wrote:
>> On Thu, 21 Dec 2006 17:55:41 -0000, Hector Santos
>
>>> if l=2,  that means two <CRLF> were hashed.
>>  But that case cannot arise with the text proposed.
>
> But what if it is l=2, what if that is what the VERIFY sees?  It means  
> whether truly BYTES exist or not, these two hashable bytes must be  
> <CR><LF>.

No, if what was hashed has zero bytes in it, then you MUST NOT say 'l=2'.

>
>>> if l= missing, that means at minimum two <CRLF> were hashed.
>>  No, it means whatever the canonicalization produced would be hashed,  
>> which would be <empty> in this case.
>
> Ok, again, we are talking VERIFICATION here. If no l= tag is specified  
> as part of the DKIM-Signature: header, the spec says the "entire" body  
> is hashed. Therefore, according to what I am reading, if the body is  
> indeed DKIM-NULL (empty after any <CRLF> trimming) then 2 bytes <CRLF>  
> will be hashed.

If the body is indeed NULL/empty/whatever, then WHY do people want to do  
anything to it, like adding a <CRLF> out of thin air? The text I have  
proposed says to leave it empty in that case.

>
> Are you saying there SHOULD be no hashing and therefore no b= tag?

No, you hash <empty> and the result of that goes into the b= tag.

Apparently, the result of hashing an empty file with sha-256 is
    47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU
so that would go in the b= tag.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
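
The two readings argued in this thread, as an added example that is not part of the original message: an empty canonicalized body hashed as zero bytes, versus one that has a <CRLF> added before hashing, and what a verifier then does with `l=2`. The function names and the `empty_becomes_crlf` switch are assumptions made for illustration; the digest is printed with its base64 `=` padding.

```python
import base64
import hashlib

CRLF = b"\r\n"

def canonicalize(body: bytes, empty_becomes_crlf: bool) -> bytes:
    """Trim trailing empty lines, then apply one of the two disputed rules."""
    # Drop every empty line at the end of the body.
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    if body == CRLF:
        body = b""
    # A non-empty body always ends in exactly one CRLF.
    if body and not body.endswith(CRLF):
        body += CRLF
    # Disputed step: does an empty body stay empty, or gain a CRLF?
    if not body and empty_becomes_crlf:
        body = CRLF
    return body

def body_hash(body: bytes, empty_becomes_crlf: bool, l=None) -> str:
    """Base64 SHA-256 of the canonicalized body, honouring an l= count."""
    canon = canonicalize(body, empty_becomes_crlf)
    if l is not None:
        # A verifier cannot hash more bytes than canonicalization produced.
        if l > len(canon):
            raise ValueError(f"l={l} exceeds canonicalized length {len(canon)}")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")

if __name__ == "__main__":
    # Constructed sample bodies: truly empty, and only blank lines.
    for sample in (b"", b"\r\n\r\n\r\n"):
        print(repr(sample))
        print("  stays empty :", body_hash(sample, empty_becomes_crlf=False))
        print("  CRLF added  :", body_hash(sample, empty_becomes_crlf=True))
    # l=2 is only satisfiable under the CRLF-added reading.
    print("l=2, CRLF added :", body_hash(b"", True, l=2))
    try:
        body_hash(b"", False, l=2)
    except ValueError as exc:
        print("l=2, stays empty:", exc)
```
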

