Hi!
On 12/18/25 07:40, Bron Gondwana wrote:
On Wed, Dec 17, 2025, at 21:56, Hannah Stern wrote:
On 12/16/25 19:13, John Levine wrote:
> It appears that Hannah Stern <[email protected]
<mailto:[email protected]>> said:
>> May c: instructions in body recipies (r=) overlap? This would allow
>> attempts to have verifiers use excessive memory/CPU like this:
>> [...]
> I can't think of a plausible reason to have overlapping recipes.
Unless I've
> missed something it sounds like we should have a section on
implementation limits
> and put that in it.
If we define them as invalid, that constraint (c: recipes may not
overlap) could perhaps be rather specified "in place" in the main
specification of theirs.
Followup question: Can c: recipies be non-monotonic? (c:4,c:2)
If they should be specified to be monotonic, an implementation could
stream and discard already processed chunks of the input version of the
mail body, on the assumption that if it has seen a c:1000 recipe, it
won't ever need lines 1-1000 of the input again.
I think that's fine - we could say that for both header and body
recipes, that they have to be monotonic and non-overlapping. I can
think of cases where you might not do so, but they're all kinda bullshit
"maximal compression" nonsense (e.g. reusing a mime boundary) which I'd
be happy not to allow given the additional risks it adds for very
minimal benefit.
Thanks!
I'd appreciate such a change. For DoS style risks, the non-overlapping
requirement would already be enough. Having c: recipes monotonic is
more a thing that might make checking the non-overlapping requirement
easier and enable implementation optimizations (which for me personally
are not essential, we here use servers with enough RAM so I don't expect
such a streaming implementation to be essential for us - YMMV.)
In any case, that would be an edit to the draft, wouldn't it?
Bron.
Hannah.
--
Hannah Stern
Software Developer
Mail Transfer Development
1&1 Mail & Media Development & Technology GmbH | | |
Phone: +49 721 91374-4519
E-Mail: [email protected] | Web: www.mail-and-media.com www.gmx.net
www.web.de www.mail.com www.united-internet-media.de
Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 5452
Geschäftsführer: Alexander Charles, Dr. Michael Hagenau, Thomas Ludwig,
Dr. Verena Patzelt
Member of United Internet
Diese E-Mail kann vertrauliche und/oder gesetzlich geschützte
Informationen enthalten. Wenn Sie nicht der bestimmungsgemäße Adressat
sind oder diese E-Mail irrtümlich erhalten haben, unterrichten Sie bitte
den Absender und vernichten Sie diese E-Mail. Anderen als dem
bestimmungsgemäßen Adressaten ist untersagt, diese E-Mail zu speichern,
weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden.
This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient of this e-mail, you are hereby
notified that saving, distribution or use of the content of this e-mail
in any way is prohibited. If you have received this e-mail in error,
please notify the sender and delete the e-mail.
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
