ietf-mailsig

Re: Better DKIM Verification Example Needed

2005-07-28 07:36:54

Hector Santos wrote:
>       is canonicalized to:
>
>    a:X<CRLF>b:YZ<CRLF><CRLF>CDE
>    <CRLF>dkim-signature:a=rsa-sha1;d=example.net;
>    s=brisbane;c=simple;q=dns;i=@eng.example.net;b=;h=A:B
>
> Is this correct?

Yes, that's correct.


> In my technical opinion, we need to do as much as we can to streamline the
> protocol.  The system parsing requirements are already complex as it is.
> There would be no harm in mandating a final tag "b=" location.   I think
> it should be a *rule* for the b= signature tag to be the last tag added to
> the DKIM-Signature: record.

I really don't see that it's necessary -- I hadn't tested it, but my
code just nuked the value of the b= and kept on going. It didn't have
to do anything special depending on its position. The trailing semicolon
*is* syntactically valid, so your parser needs to be robust for that
even if b= is the last value.

> Hmmm,  maybe would look at the idea of a tag location where the
> DKIM-Signature record hashing ends?  So that if anyone adds new tags, it
> doesn't have to be part of the signing process?

I can't think of any reason why you'd want to have mutable tag/values
in the signature header.

> PS: is the dkim-dev mailing list active yet?  I haven't received any mail
> from it yet.

I can't remember if Dave auto-subscribed me or not. These kinds of
discussions would probably be more appropriate there though...

                Mike
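
Added example, not part of the original message or of any poster's code: a sketch of the approach discussed above, in which the verifier empties the b= value wherever it sits in the tag list before hashing and the tag parser accepts a trailing semicolon. The function names, the whitespace handling and the sample signatures are assumptions made for illustration.

```python
import re

# Matches a "b" tag at the start of the tag list or right after a ";",
# and its value up to the next ";" or the end of the header.
# The (^|;) guard keeps a "b" inside another tag's name or value from matching.
_B_TAG = re.compile(r"(^|;)(\s*b\s*=)[^;]*")

def blank_b_value(tag_list: str) -> str:
    """Return the tag list with the value of b= emptied, wherever b= sits."""
    return _B_TAG.sub(lambda m: m.group(1) + m.group(2), tag_list, count=1)

def parse_tags(tag_list: str) -> dict:
    """Parse tag=value pairs; a trailing ';' is valid and yields no tag."""
    tags = {}
    for part in tag_list.split(";"):
        if not part.strip():
            continue  # empty segment, e.g. after a trailing semicolon
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Simplification (assumption): all whitespace inside a value is dropped.
        tags[name] = "".join(value.split())
    return tags

# Constructed samples: the same signature with b= in three positions.
B_LAST = "a=rsa-sha1; d=example.net; s=brisbane; c=simple; q=dns; h=A:B; b=AbCd+/=="
B_LAST_SEMI = B_LAST + ";"
B_MIDDLE = "a=rsa-sha1; d=example.net; b=AbCd+/==; s=brisbane; c=simple; q=dns; h=A:B"

if __name__ == "__main__":
    for header in (B_LAST, B_LAST_SEMI, B_MIDDLE):
        print(blank_b_value(header))
```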
