Strict canonicalization considered harmful

From: Alessandro Vesely <vesely_at_tana.it>
Date: Fri, 05 Dec 2014 11:18:11 +0100

Hi,
a user reported problems with a long (us-ascii) From:, so I tried myself. My
first attempt went ok, but then I noted he used simple/simple rather than
relaxed/relaxed. So I temporarily changed my settings. This time I failed too.

I sent an empty message to each of the remailers in opendkim-README:

        sa-test_at_sendmail.net
        check-auth_at_verifier.port25.com
        autorespond+dkim_at_dk.elandsys.com
        test_at_dkimtest.jason.long.name
        dktest_at_exhalus.net
        dkim-test_at_altn.com
        dktest_at_blackops.org

In addition, I tried Gmail, Yahoo!, and the following three:
http://www.brandonchecketts.com/emailtest.php
http://www.appmaildev.com/en/dkim/
http://9vx.org/~dho/dkim_validate.php

Results: test_at_dkimtest.jason.long.name bounced, the last two succeeded, the
rest failed. To be more precise, applemaildev failed on an empty message like
the one below; however, it succeeded when the body contained some text. The
other checkers manage to munge the From: line before verification, so they
cannot succeed.

One of the empty messages is reproduced below:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tana.it; s=beta;
        t=1417767989; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; l=2;
        h=Date:From:To;
        b=WV08SfyvWTnKHrjXYCRzPpt/KY043G5LC2iMtqF2JrBYs2PDT415kACnizkcmbrh5
         7FIHyCd6iLpZImUZpJmj2ZMM9f23XbPfwNcVvURwuo1URr+UFLxD6ZG/DOFtIsKF6/
         Z+8P9GuI5Oi0N9aRTr3NGfrR9tbXLCyE+rzWW3Qs=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.88] (pcale.tana [172.25.197.88])
  (AUTH: CRAM-MD5 uXDGrn_at_SYT0/k)
  by wmail.tana.it with ESMTPA; Fri, 05 Dec 2014 09:26:29 +0100
  id 00000000005DC035.0000000054816C35.0000040B
Message-ID: <54816C35.6020600_at_tana.it>
Date: Fri, 05 Dec 2014 09:26:29 +0100
From: "Display phrase of 51, total line length line of 76" <vesely_at_tana.it>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.2.0
MIME-Version: 1.0
To: autorespond+dkim_at_dk.elandsys.com
Subject: Test
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Received on Fri Dec 05 2014 - 10:18:22 PST

This archive was generated by hypermail 2.3.0 : Fri Dec 05 2014 - 10:27:01 PST