Always using the relaxed body canonicalization is invalid per DKIM - RFC 6376 #21

@andrewhodel

Description

go-dkim/dkim.go, line 229 in e1cd1a0:

`headers, body, err := canonicalize(email, dkimHeader.MessageCanonicalization, dkimHeader.Headers)`

is always executed when validating DKIM with this module.

That executes go-dkim/dkim.go, line 353 in e1cd1a0:

`} else {`

meaning that relaxed canonicalization is always executed. The protocol specifies that simple/simple is the default.

That is not valid per RFC 6376 because the DKIM header does not need to contain the c= tag and simple/simple is the default.

> c= Message canonicalization (plain-text; OPTIONAL, default is "simple/simple"). This tag informs the Verifier of the type of canonicalization used to prepare the message for signing. It consists of two names separated by a "slash" (%d47) character, corresponding to the header and body canonicalization algorithms, respectively. These algorithms are described in [Section 3.4](https://www.rfc-editor.org/rfc/rfc6376#section-3.4). If only one algorithm is named, that algorithm is used for the header and "simple" is used for the body. For example, "c=relaxed" is treated the same as "c=relaxed/simple".
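As an added example (not go-dkim's code), a Go reading of the c= tag with the RFC 6376 defaults quoted above, alongside the two body canonicalizations so a verifier can see why picking the wrong one changes the body hash; the function names are my own, and the empty-body behaviour follows Sections 3.4.3 and 3.4.4.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// parseCanonicalization reads the c= tag (RFC 6376 Section 3.5): the tag is
// OPTIONAL, defaults to "simple/simple", and one name means <name>/simple.
func parseCanonicalization(c string) (header, body string, err error) {
	header, body = "simple", "simple" // used when the c= tag is absent
	if c = strings.TrimSpace(c); c == "" {
		return header, body, nil
	}
	parts := strings.SplitN(c, "/", 2)
	header = parts[0]
	if len(parts) == 2 {
		body = parts[1]
	}
	for _, alg := range []string{header, body} {
		if alg != "simple" && alg != "relaxed" {
			return "", "", fmt.Errorf("unknown canonicalization %q", alg)
		}
	}
	return header, body, nil
}

var wsp = regexp.MustCompile(`[ \t]+`) // WSP = SP / HTAB
// canonicalizeBody applies Section 3.4.3 (simple) or 3.4.4 (relaxed) to a
// CRLF body. Empty body: one CRLF under simple, nothing under relaxed.
func canonicalizeBody(body, alg string) string {
	lines := strings.Split(body, "\r\n")
	if alg == "relaxed" {
		for i, l := range lines { // reduce WSP runs to one SP, drop trailing WSP
			lines[i] = strings.TrimRight(wsp.ReplaceAllString(l, " "), " ")
		}
	}
	for len(lines) > 0 && lines[len(lines)-1] == "" { // drop trailing empty lines
		lines = lines[:len(lines)-1]
	}
	if len(lines) == 0 && alg == "relaxed" {
		return ""
	}
	return strings.Join(lines, "\r\n") + "\r\n"
}

func main() {
	h, b, _ := parseCanonicalization("relaxed") // same as "relaxed/simple"
	fmt.Printf("header=%s body=%s\n", h, b)
}
```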
