[ietf-dkim] ISSUE: tag l=2 and dealing with leading blank lines for SIMPLE c14n.

Hector Santos hsantos at santronics.com
Mon Jan 22 04:32:49 PST 2007


hmmmmm,,

I read the DKIM-BASE specs a few times now and I don't see anything nor 
do I recall any list discussion about the body content containing 
leading <CRLF> lines and dealing with them, especially in relationship 
to the much debated l=2 or SIMPLE c14n "empty" message.

Consider the following RFC 2822 message:

    headers:<CRLF>
    <CRLF>           <-- RFC 2822 header/body delimiter
    <CRLF>           <-- Beginning of body
    12345678<CRLF>
    12345678<CRLF>
    <CRLF>

Here we have 24 message body bytes with 1 leading blank line.

It would be super silly to set a L=2 to hash only the first two bytes 
here where the two bytes are <CRLF>. This would result in a facsimile of 
an empty message which has an exploitable body altering hole.

I think we need one more LINE of text in the DKIM-BASE.

    "Although it is possible to hash only a part of the
     SIMPLE canonicalized message body, it is highly discouraged
     to hash only two octets if the leading two octets are <CR><LF> and
     there are additional non <CR><LF> octets."

I am just winging it above so maybe ERIC or someone else can better 
state this.

I just think that we went at length to explain the special consideration 
when L=2 for the SIMPLE c14n "empty" message and the need to add a 
<CRLF> to the hashing feed if required, that it is probably to also 
stipulate or highlight that partial hashing should not include hashing 
only 2 bytes with <CRLF> leading blank lines.

---
HLS
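
The case raised in this message, as an added example that is not part of the original post or of the DKIM-BASE text: with SIMPLE body canonicalization, l=2 over the sample body hashes only the leading <CRLF>, giving the same body hash as an empty message, and a verifier-side check can flag this. SHA-256, the function names and the altered body are assumptions made for the illustration.

```python
import base64
import hashlib
from typing import Optional

CRLF = b"\r\n"

def simple_body(body: bytes) -> bytes:
    """SIMPLE body c14n: drop trailing empty lines; an empty body
    (or one lacking a final CRLF) gets a CRLF appended."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    if not body.endswith(CRLF):
        body += CRLF
    return body

def body_hash(body: bytes, l: Optional[int] = None) -> str:
    """Base64 SHA-256 over the first l canonicalized octets (all if l is None)."""
    canon = simple_body(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def audit_l_tag(body: bytes, l: int) -> dict:
    """Verifier-side check: report what a given l= value actually protects."""
    canon = simple_body(body)
    return {
        "canonical_len": len(canon),
        "unsigned_octets": len(canon) - l,
        "covers_only_blank_lines": canon[:l].replace(CRLF, b"") == b"",
        "matches_empty_body_hash": body_hash(body, l) == body_hash(b""),
    }

# The 24-octet body from the message above (one leading blank line).
ORIGINAL = CRLF + b"12345678" + CRLF + b"12345678" + CRLF + CRLF
# Constructed sample: same leading <CRLF>, different content after it.
ALTERED = CRLF + b"replaced content" + CRLF

if __name__ == "__main__":
    print("bh(original, l=2):", body_hash(ORIGINAL, 2))
    print("bh(altered,  l=2):", body_hash(ALTERED, 2))
    print("bh(empty body)   :", body_hash(b""))
    print(audit_l_tag(ORIGINAL, 2))
```

A verifier that sees `covers_only_blank_lines` or a non-zero `unsigned_octets` can treat the body as effectively unsigned when applying local policy.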







