Re: Strict canonicalization considered harmful

From: Murray S. Kucherawy <>
Date: Wed, 10 Dec 2014 09:44:46 -0800 (PST)

On Wed, 10 Dec 2014, Alessandro Vesely wrote:
>> Something is improperly wrapping long header fields, perhaps?
> Yes, but what does that? Are you sure you had simple c14n? It's enough
> to check that the From: field came back with no added whitespace. For
> example, I paste below the header returned from medusa. You can see the
> test passed, because I have reverted to relaxed c14n, but the From: is
> munged, so it would not have passed if c14n had been simple --the
> subject of this thread.

I just repeated the test and once again it came back GOOD. The signature
we sent to was:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
     s=medusa3; t=1418233169;

So yes, it appears to pass with simple/simple when this is the test, as

medusa[2098]% sendmail
From: "Display phrase of 49, so total line length is 76" <>
Subject: simple/simple test

For kicks, I repeated the test but inserted an extra space after "From:",
and the result was also GOOD. The second space was included in the signed
header, as you can see from the "z=" tag:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
     s=medusa3; t=1418233414;

Received on Wed Dec 10 2014 - 17:45:03 PST

This archive was generated by hypermail 2.3.0 : Wed Dec 10 2014 - 17:54:02 PST