[ietf-dkim] Re: Use of LWSP in ABNF -- consensus call

Douglas Otis dotis at mail-abuse.org
Wed May 16 09:25:56 PDT 2007 

On May 15, 2007, at 1:10 AM, Clive D.W. Feather wrote:

> Tony Hansen said:
>>> I share your concerns about removing rules that are already in  
>>> use --
>>> that would generally be a bad thing.  However I'm interested in the
>>> consensus around whether a warning or a deprecation statement  
>>> would be a
>>> good thing.
>>
>> LWSP has a valid meaning and use, and its being misapplied somewhere
>> doesn't make that meaning and usage invalid. I could see a note being
>> added. However, anything more than that is totally inappropriate.
>
> +1
>
> Frank's text in
> <http://www1.ietf.org/mail-archive/web/ietf/current/msg46048.html>
> would be fine:
>
>   Authors intending to use the LWSP (linear white space) construct
>   should note that it allows apparently empty lines consisting only
>   of trailing white space, semantically different from really empty
>   lines.  Some text editors and other tools are known to remove any
>   trailing white space silently, and therefore the use of LWSP in
>   syntax is not recommended.
>
> However, it doesn't belong in "security considerations".

Discarding of lines is likely in response to some type of exploit.   
The consideration for not using LWSP would be in regard with how  
security requirements may create incompatibilities.  This is the  
correct section.


> What about moving LSWP, and this text, to a separate section of  
> Annex B:
> "B.3 Deprecated constructs"?

Agreed. That would also be appropriate.

Another problem regarding LWSP is in regard to _many_ differing  
definitions.  A profusion of differing definitions alone becomes a  
valid reason to deprecate the mnemonic.  This definition represents a  
poor practice as related to security which should not be facilitated  
through standardization.  By removing this problematic construct,  
better solutions are more likely to be found.  At least (ab)use of  
the mnemonic will have been discouraged.  Any continued use of this  
mnemonic should be discouraged and the note added should clarify one  
of the reasons for this mnemonic being deprecated is specifically due  
to its varied and checkered meanings in other drafts.

-Doug

More information about the ietf-dkim mailing list