File: dkim_errata.txt

package info (click to toggle)
libmail-dkim-perl 0.54-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster
  • size: 1,412 kB
  • sloc: perl: 5,855; makefile: 10
file content (44 lines) | stat: -rw-r--r-- 1,712 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Following are some notes about gray areas in the RFC 4871 DKIM
specification.


Section 3.4.4 "relaxed" Body Canonicalization

  Empty bodies. Unlike the "simple" body canonicalization, which
  explicitly says to add a CRLF, the "relaxed" body canonicalization
  does not say this. The consensus at DKIM-Interop was NOT to add
  a CRLF for "relaxed" body canonicalization when the body is empty.


Section 3.5 "i= Identity of the user or agent"

  In the section describing "identity", it says dkim-quoted-printable
  encoding is to be used, but quoted printable is not mentioned in the
  ABNF. The ABNF includes the "Local-part" token, which allows a quoted
  string with backslashes to escape certain characters.

  My interpretation (combining the text and my own reasoning), is that
  the i= tag value should be the dkim-quoted-printable encoding of:

    [ Local-part ] "@" domain-name

  So, e.g.
                                     local part     domain
                                     ----------     -----------
    i="meet=20joe"@example.com  =>   "meet joe"     example.com
    i="fine=3Bmess"@example.com =>   "fine;mess"    example.com
    i="j=20s=22@example.com     =>   "j s"          example.com
    i=j smith @ example . com   =>   jsmith         example.com


Section 3.6.1 "granularity of the key"

  Does "an empty g= value never matches any addresses" mean that any
  signature, no matter the i= value, using this key cannot be
  matched? The consensus at DKIM-Interop was that YES, that's what
  it means.

  It should be noted that this is an incompatible change from
  RFC4870-DomainKeys, where an empty g= tag in the public key is
  equivalent to g=*, which would match anything.