[ietf-dkim] ISSUE: tag l=2 and dealing with leading blank lines for
hsantos at santronics.com
Mon Jan 22 04:32:49 PST 2007
I read the DKIM-BASE specs a few times now and I don't see anything nor
do I recall any list discussion about the body content containing
leading <CRLF> lines and dealing with them, especially in relationship
to the much debated l=2 or SIMPLE c14n "empty" message.
Consider the following RFC 2822 message:
<CRLF> <-- RFC 2822 header/body delimiter
<CRLF> <-- Beginning of body
Here we have 24 message body bytes with 1 leading blank line.
It would be super silly to set an L=2 to hash only the first two bytes
here where the two bytes are <CRLF>. This would result in a facsimile of
an empty message which has an exploitable body altering hole.
I think we need one more LINE of text in the DKIM-BASE.
"Although it is possible to hash only a part of the
SIMPLE canonicalized message body, it is highly discouraged
to hash only two octets if the leading two octets are <CR><LF> and
there are additional non-<CR><LF> octets."
I am just winging it above so maybe ERIC or someone else can better
I just think that we went at length to explain the special consideration
when L=2 for the SIMPLE c14n "empty" message and the need to add a
<CRLF> to the hashing feed if required, that it is probably to also
stipulate or highlight that partial hashing should not include hashing
only 2 bytes with <CRLF> leading blank lines.
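The case raised in the message above, as an added example that is not part of the original post: with SIMPLE body canonicalization, an l=2 signature over a body that starts with a blank line yields the same body hash as an empty message, and a verifier-side check can flag it. The function names, the constructed sample bodies and the choice of SHA-256 are assumptions made for this illustration.

```python
import base64
import hashlib
from typing import Optional

CRLF = b"\r\n"

def simple_body_canon(body: bytes) -> bytes:
    """DKIM "simple" body c14n: ignore trailing empty lines, end with one CRLF."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    if not body.endswith(CRLF):
        body += CRLF  # an empty body canonicalizes to a single CRLF
    return body

def body_hash(body: bytes, l: Optional[int] = None) -> str:
    """Base64 body hash over the first l canonicalized octets (all if l is None)."""
    canon = simple_body_canon(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")

def l_signs_only_blank_lines(body: bytes, l: int) -> bool:
    """True when l= covers only leading CRLFs and real content is left unsigned."""
    canon = simple_body_canon(body)
    signed, unsigned = canon[:l], canon[l:]
    return l > 0 and not signed.strip(CRLF) and bool(unsigned.strip(CRLF))

# Constructed sample: 24 body octets, one leading blank line.
SAMPLE = b"\r\nThis is a test body.\r\n"
# Constructed variant with different text after the signed two octets.
ALTERED = b"\r\nDifferent text after the blank line.\r\n"

if __name__ == "__main__":
    # Both comparisons hold: l=2 here signs nothing but the blank line.
    print("same hash as empty body:", body_hash(SAMPLE, 2) == body_hash(b""))
    print("altered body, same hash:", body_hash(ALTERED, 2) == body_hash(SAMPLE, 2))
    print("flagged by check:", l_signs_only_blank_lines(SAMPLE, 2))
```

A verifier or signing policy can call `l_signs_only_blank_lines` before trusting the body hash and treat a flagged signature as covering no body content.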