#113 Valid message with whitespace fails to verify

v2.5.3
closed
3
2008-04-29
2008-04-14
M T
No

A message with whitespace characters in the DKIM-Signature fails verification even if the signature is valid. A sample message is attached.

Discussion

  • M T

    M T - 2008-04-14

    msgWithWS

     
  • Anonymous

    Anonymous - 2008-04-14

    Logged In: YES
    user_id=1048957
    Originator: NO

    I'm suspicious of the signature's validity. Running the message through the filter in test mode with canonicalizations saved doesn't show any incorrect processing. I've attached the canonicalized headers generated by our code.

    Can you reproduce the signature? If so, can you attach the original data and procedure for generating the signature?
    File Added: canon-headers

     
  • Anonymous

    Anonymous - 2008-04-14
    • labels: --> Functionality
    • milestone: --> v2.5.3
    • priority: 5 --> 3
    • assigned_to: nobody --> sm-msk
    • status: open --> pending
     
  • Anonymous

    Anonymous - 2008-04-14

    Canonicalized headers

     
  • Anonymous

    Anonymous - 2008-04-15

    Logged In: YES
    user_id=1048957
    Originator: NO

    I took the following steps to verify:

    - run your header through our filter with debugging set such that
    canonicalizations are
    left behind in /var/tmp
    - split your attached message into two parts, headers and body
    - add CRs to the end of each line in the headers (which happens in normal
    SMTP)
    - move the signature header lines to the end, per header canonicalization
    procedure

    ...then the canonicalized header and the header file thus produced are
    identical.

    It appears to me the signature is not valid.

     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending --> closed
     

Log in to post a comment.