Re: Strict canonicalization considered harmful

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Wed, 10 Dec 2014 09:44:46 -0800 (PST)

On Wed, 10 Dec 2014, Alessandro Vesely wrote:
>> Something is improperly wrapping long header fields, perhaps?
>
> Yes, but what does that? Are you sure you had simple c14n? It's enough
> to check that the From: field came back with no added whitespace. For
> example, I paste below the header returned from medusa. You can see the
> test passed, because I have reverted to relaxed c14n, but the From: is
> munged, so it would not have passed if c14n had been simple --the
> subject of this thread.

I just repeated the test and once again it came back GOOD. The signature
we sent to sendmail.net was:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=blackops.org;
     s=medusa3; t=1418233169;
     bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
     h=Date:From:To:Subject;
     z=Date:=20Wed,=2010=20Dec=202014=2009:39:12=20-0800=20(PST)|From:=2
      0"Display=20phrase=20of=2049,=20so=20total=20line=20length=20is=20
      76"=20<msk_at_blackops.org>|To:=20sa-test_at_sendmail.net|Subject:=20sim
      ple/simple=20test;
     b=BQafByRA7aF3ioxHdj8RaumKgCrgYaq6hTi1EJjS+tNkiPCkPJwy5x8qpILJwOvhu
      AaVcF2hQVNoNFwQhEipOkaWyhJtn3F/HQjsIqsqOZGBErFeADRYmLfwP+Owxo2Jf65
      evJyCswtF9S7uvqYHfsSvlszxv6DanGnhhZ+RDpk=

So yes, it appears to pass with simple/simple when this is the test, as
requested:

medusa[2098]% sendmail sa-test_at_sendmail.net
From: "Display phrase of 49, so total line length is 76" <msk_at_blackops.org>
To: sa-test_at_sendmail.net
Subject: simple/simple test
^D

For kicks, I repeated the test but inserted an extra space after "From:",
and the result was also GOOD. The second space was included in the signed
header, as you can see from the "z=" tag:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=blackops.org;
     s=medusa3; t=1418233414;
     bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
     h=Date:From:To:Subject;
     z=Date:=20Wed,=2010=20Dec=202014=2009:43:23=20-0800=20(PST)|From:=2
      0=20"Display=20phrase=20of=2049,=20so=20total=20line=20length=20is
      =2076"=20<msk_at_blackops.org>|To:=20sa-test_at_sendmail.net|Subject:=20
      simple/simple=20test;
     b=uXmO1Ae6anEDP/mEcZ8xEeTAZgft0upXnhkQTgOlBer6bS3pzqyyCvfQXfCLSYb6R
      945mmEikqEKIo3GIgUX85WPXkf7fV0WUFgw5Vl7v/80MTqYmTPiMaU9Au7YBFe3H8+
      CFWoWuCGMn5GVKJqwX9gkxsQuQSxKqKxt63cdmsM=

-MSK
Received on Wed Dec 10 2014 - 17:45:03 PST
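
The following is an added example, not part of the original message or of any project's code: it decodes the "z=" tag of the second signature above and compares the signed From: field against a single-space variant and a re-wrapped variant under simple and relaxed header canonicalization (RFC 6376 sections 3.4.1 and 3.4.2). The helper names decode_z, simple and relaxed are hypothetical, the two variants are constructed, and the trailing CRLF of the canonical form is omitted.

```python
import re

# z= value copied from the second DKIM-Signature above, folding kept as-is
Z_TAG = """Date:=20Wed,=2010=20Dec=202014=2009:43:23=20-0800=20(PST)|From:=2
      0=20"Display=20phrase=20of=2049,=20so=20total=20line=20length=20is
      =2076"=20<msk_at_blackops.org>|To:=20sa-test_at_sendmail.net|Subject:=20
      simple/simple=20test"""

def decode_z(value):
    """Decode a z= tag: drop folding whitespace, split on '|', undo =XX."""
    fields = {}
    # Whitespace must go first: a fold may split an escape ("=2" / "0").
    for item in re.sub(r"\s+", "", value).split("|"):
        raw = re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), item)
        fields[raw.partition(":")[0].lower()] = raw
    return fields

def simple(header):
    """simple header canonicalization: the field is not changed at all."""
    return header

def relaxed(header):
    """relaxed header canonicalization (trailing CRLF omitted here)."""
    name, _, value = header.partition(":")
    value = re.sub(r"\r?\n(?=[ \t])", "", value)         # unfold continuations
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")   # compress and trim WSP
    return name.strip().lower() + ":" + value

signed_from = decode_z(Z_TAG)["from"]
# Constructed variants: one space after the colon, and a field re-wrapped in transit
one_space = signed_from.replace("From:  ", "From: ", 1)
rewrapped = signed_from.replace('" <', '"\r\n <', 1)

if __name__ == "__main__":
    print(repr(signed_from))
    for label, h in [("one space", one_space), ("rewrapped", rewrapped)]:
        print(f"{label:10} simple_match={simple(h) == simple(signed_from)} "
              f"relaxed_match={relaxed(h) == relaxed(signed_from)}")
```

Comparing the decoded "z=" copy with the header as received is a quick way to see which whitespace change broke a simple-canonicalized signature.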
