On 21 Sep at 9:27, Gellner, Oliver via mailop wrote:
The bugs don't have to be security related, they just lead to wrongly computed DKIM signatures,
because some implementations applied the steps defined in the RFC for the relaxed canonicalization
in a wrong way or wrong order or whatever. For example as reported on this very list ("We
already found some interesting bits, like [...] mail-in-a-box using relaxed/simple for DKIM, which
breaks signature validity on long To: headers")
https://list.mailop.org/private/mailop/2023-February/024443.html or with Cisco's appliances which
"fail signing and verification messages with an empty body on relaxed canonicalization"
(bug ID CSCvh84754, but not publicly visible).
I'm not arguing against the relaxed canonicalization, just saying that it is
merely a workaround for the quirks in different MTAs and the actual solution
lies at fixing the behavior of those MTAs.
That is pointless.
Any software can have a bug, any verifier can have a bug, any hash library
can have a bug, any MTA can have a bug, any router can have a bug... Yes, bugs
were here, and will be here. Some are fixed over time, some fixes
introduce new bugs, some stay here for years...
Simply, we all make mistakes, including HW/SW devs. Bug-free
computers are science fiction (or PR).
regards
--
Slavko
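
For reference, the RFC 6376 section 3.4 canonicalization steps in the order the RFC gives them, exercised on the two inputs named in the quoted message (an empty body and a long, folded To: header). This is an added example, not code from the thread or from any of the products mentioned; the sample headers and addresses are constructed.

```python
import base64
import hashlib
import re

def relaxed_header(raw: bytes) -> bytes:
    """RFC 6376 3.4.2, applied to one header field ending in CRLF."""
    name, _, value = raw.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)   # 1. unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)          # 2. collapse WSP runs to one SP
    value = value.rstrip(b"\r\n").strip(b" ")        # 3. drop WSP around the value
    return name.strip(b" \t").lower() + b":" + value + b"\r\n"

def simple_body(body: bytes) -> bytes:
    """RFC 6376 3.4.3: trailing empty lines reduce to one CRLF.
    An empty body therefore canonicalizes to a single CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4: trim line-end WSP, collapse WSP runs, drop trailing
    empty lines. An empty body stays empty (no CRLF is added)."""
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ")
             for line in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)

def body_hash(body: bytes, canon) -> str:
    """Value of the bh= tag for rsa-sha256 / ed25519-sha256."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

# Constructed sample: the same To: field as the signer wrote it and as a
# relay might re-fold it in transit.
TO_FOLDED = b"To:  a@example.org,\r\n\tb@example.org \r\n"
TO_UNFOLDED = b"TO: a@example.org, b@example.org\r\n"

if __name__ == "__main__":
    print(relaxed_header(TO_FOLDED))
    print(relaxed_header(TO_UNFOLDED))
    print("empty body, relaxed bh =", body_hash(b"", relaxed_body))
    print("empty body, simple  bh =", body_hash(b"", simple_body))
```

The two empty-body hashes are the values RFC 6376 itself lists, so they serve as a quick regression check for a signer or verifier.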