[ietf-dkim] canonicalized null body and dkim

Hector Santos hsantos at santronics.com
Tue Jan 9 04:12:05 PST 2007 

Charles Lindsey wrote:
> On Mon, 08 Jan 2007 17:27:49 -0000, Eric Allman <eric+dkim at sendmail.org> 
> wrote:
> 
> Moreover, there remains another case that is ambiguous. Consider:
> 
>      Field: foobar<CRLF>
>      .<CRLF>
> 
> That is a valid RFC 2822 message with NO <body> at all (which is NOT the 
> same thing as an empty <body>). Let us apply your revised wording.

Unless there is some other different notation I am unaware of, it is 
*not* a valid RFC 2822 message.  I believe you meant:

       Field: foobar<CRLF>
       <CRLF>
       .<CRLF>

Why is this important?  Well, many reasons, but one good reason is that 
there are lot of code that search for the first "\r\n\r\n" to find the 
header/body separator, i.e,  strstr(buffer, "\r\n\r\n");

So we can't continue trying to make sense of mal-formed messages.
> There is no body, so no action is needed.

But there is a body.  It has a dot. Most likely an useless body, but 
body nonetheless.   Who knows? Maybe a "single dot" message means 
something to some one other there.  Maybe it means "Come Home, its late 
and stop by the store and pick up some mike."

>    An empty line is a line of zero
>    length after removal of the line terminator.
> 
> Not needed.

I think in this regard, being "specific is terrific".

> So what do we pass to the canonicalization? It doesn't say, but the only 
> reasonable intpretation would be to pass <empty>. So it appears that an 
> absent body canonicalizes differently to an empty body.
 >
 > ...
 >
> But we still have the bizarre situation that an absent body is treated 
> differently from an empty body. Can you please confirm that this was 
> your intention?

I disagree it is "absent".  It isn't. There is a dot.  It could of been 
a Q or a X, or Z or slash.  Lets not begin making judgments on the 
quality of message bodies.

As far as I am concern, we must resolve the deterministic design, not 
the abstract design.  The technique question for me was if the SIMPLE 
cl4n must end with <CRLF> bytes.  I see the following:

    L=0, no hashing is done,
    L=1, is not possible or is it?
    L=2, means we have a NULL body according to Erik, or is it?
    L=3, 1 byte message, or is it?

In other words, it is not technically impossible from a signing stand 
point to perform a SIMPLE cl4n with a large body w/o <crlf>, and the 
signer only hashes L=X bytes where X is less than the canonicalized text 
size.

In other words, you can have 5000 bytes in the message body and still 
say l=2.

According to Eric message, he cleared up this technique question for me.

During verification, you only need to canonicalized up to l=X size, you 
don't need to worry about going any further in the feed.

---
HLS

More information about the ietf-dkim mailing list