Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unnecessary encoded-words usage breaks DKIM signatures #79062

Open
brycedrennan mannequin opened this issue Oct 3, 2018 · 4 comments
Open

unnecessary encoded-words usage breaks DKIM signatures #79062

brycedrennan mannequin opened this issue Oct 3, 2018 · 4 comments
Labels
3.7 (EOL) end of life stdlib Python modules in the Lib dir topic-email

Comments

@brycedrennan
Copy link
Mannequin

brycedrennan mannequin commented Oct 3, 2018

BPO 34881
Nosy @warsaw, @bitdancer, @maxking, @brycedrennan

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = None
created_at = <Date 2018-10-03.07:06:28.690>
labels = ['3.7', 'expert-email']
title = 'unnecessary encoded-words usage breaks DKIM signatures'
updated_at = <Date 2019-05-17.18:35:26.867>
user = 'https://github.com/brycedrennan'

bugs.python.org fields:

activity = <Date 2019-05-17.18:35:26.867>
actor = 'maxking'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['email']
creation = <Date 2018-10-03.07:06:28.690>
creator = 'bryced'
dependencies = []
files = []
hgrepos = []
issue_num = 34881
keywords = []
message_count = 4.0
messages = ['326943', '326996', '326998', '342754']
nosy_count = 4.0
nosy_names = ['barry', 'r.david.murray', 'maxking', 'bryced']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = None
url = 'https://bugs.python.org/issue34881'
versions = ['Python 3.6', 'Python 3.7']
@brycedrennan
Copy link
Mannequin Author

brycedrennan mannequin commented Oct 3, 2018

Since Python 3.6.4 folding of unstructured headers uses the encoded words syntax even if there are no special characters.

This makes DKIM-Signature headers that are unreadable to google's gmail servers. It may be that encoded-words are not valid in this header. I don't see them mentioned here: https://tools.ietf.org/html/rfc6376#page-8

Here is the smallest test case I could create to demonstrate the issue.

One solution would be to add DKIM-Signature to the HeaderRegistry but I'm not yet expert enough to execute this. I went down that path for a few hours. Didn't see a straight-forward way to disable encoded words.

Setting EmailPolicy(max_line_length=None) does output without encoded words but I worry that will cause different incompatibility issues.

from email.headerregistry import HeaderRegistry
from email.policy import SMTP

def test_unstructured_encoded_word_folding():
    header = HeaderRegistry()('DKIM-Signature', 'a' * 85)
    folded = header.fold(policy=SMTP.clone(refold_source=None))
    print(f'\nDKIM-Signature: {header}')
    print(folded)
    assert '=?utf-8?q?' not in folded

Output:

DKIM-Signature: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
DKIM-Signature: =?utf-8?q?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa?=
=?utf-8?q?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa?=

AssertionError()!

@brycedrennan brycedrennan mannequin added 3.7 (EOL) end of life topic-email labels Oct 3, 2018
@bitdancer
Copy link
Member

See also bpo-34277 for a previous discussion.

I thought I had included a header-level toggle for encoded words, but that doesn't actually make sense, since by default a header value is treated as unstructured (which means encoded words are allowed).

To implement this you need to add a new TokenList class to _header_value_parser, say DKIMHeaderValue, with the class attribute 'as_ew_allowed' set to False.

Do you have a BNF description of the DKIM header? I could probably sketch the implementation of the DKIM header value parser from that.

Then you create a header in headerregistry that uses that parser as its value_parser.

@bitdancer
Copy link
Member

You could also play with just making a parser that is a simplified version of get_unstructured, producing a....maybe call it ASCIIOnlyUnstructuredTokenList...that would have as_ew_allowed set to False. That might not produce optimal results, but it would be better than the current situation.

@maxking
Copy link
Contributor

maxking commented May 17, 2019

Just for reference DKIM-Signature header is defined in RFC 6376 and the BNF description for the header is mentioned here (https://tools.ietf.org/html/rfc6376#section-3.5).

It is a bit long so I am not copy-pasting it here.

I might take a stab at writing a value_parser for this, but after I can write some simple ones. This seems to be overly complicated with many (optional/required) fields

@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
@iritkatriel iritkatriel added the stdlib Python modules in the Lib dir label Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.7 (EOL) end of life stdlib Python modules in the Lib dir topic-email
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bitdancer @maxking @iritkatriel