| Server IP : 23.254.227.96 / Your IP : 216.73.216.7 Web Server : Apache/2.4.62 (Unix) OpenSSL/1.1.1k System : Linux hwsrv-1277026.hostwindsdns.com 4.18.0-477.13.1.el8_8.x86_64 #1 SMP Tue May 30 14:53:41 EDT 2023 x86_64 User : viralblo ( 1001) PHP Version : 8.1.31 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/perl-Mail-DKIM/doc/ |
Upload File : |
Following are some notes about gray areas in the RFC 4871 DKIM
specification.
Section 3.4.4 "relaxed" Body Canonicalization
Empty bodies. Unlike the "simple" body canonicalization, which
explicitly says to add a CRLF, the "relaxed" body canonicalization
does not say this. The consensus at DKIM-Interop was NOT to add
a CRLF for "relaxed" body canonicalization when the body is empty.
Section 3.5 "i= Identity of the user or agent"
In the section describing "identity", it says dkim-quoted-printable
encoding is to be used, but quoted printable is not mentioned in the
ABNF. The ABNF includes the "Local-part" token, which allows a quoted
string with backslashes to escape certain characters.
My interpretation (combining the text and my own reasoning), is that
the i= tag value should be the dkim-quoted-printable encoding of:
[ Local-part ] "@" domain-name
So, e.g.
local part domain
---------- -----------
i="meet=20joe"@example.com => "meet joe" example.com
i="fine=3Bmess"@example.com => "fine;mess" example.com
i="j=20s=22@example.com => "j s" example.com
i=j smith @ example . com => jsmith example.com
Section 3.6.1 "granularity of the key"
Does "an empty g= value never matches any addresses" mean that any
signature, no matter the i= value, using this key cannot be
matched? The consensus at DKIM-Interop was that YES, that's what
it means.
It should be noted that this is an incompatible change from
RFC4870-DomainKeys, where an empty g= tag in the public key is
equivalent to g=*, which would match anything.