DNS TXT records can contain multiple strings which we just concatenate to
form a complete key record. That part's easily managed. However some
people have taken it upon themselves to escape semi-colons for some
reason, presumably because some programs like "dig" do that in their
output, which in turn is done perhaps to disambiguate a literal semi-colon
with one that starts a comment in a zone file.
The problem is that RFC4871 (DKIM) doesn't say that "\" is a special
character (at least nowhere that I can find) so something like this:
k=rsa\; t=y\; g=*\; p=<base64stuff>
...means the value of "k" for example is "rsa\" which doesn't match any of
the key methods we know and thus the record will get discarded. So if a
user constructs a key record using the output of "dig" as a starting
point, and then it doesn't work, the cause will not be at all obvious.
So, first: Is there anyplace, like in the ABNF specs, that codify "\" as a
universal escape character and so I should be processing it as such if
it's there even if the spec doesn't explicitly say so?
And, second: Should implementors treat it as such, even if the spec
doesn't say so, just to handle that situation?
And, finally: Should we add text to the deployment document discussing
NOTE WELL: This list operates according to