Hi Jeffrey,
On Jun 22, 2008, at 10:43, Jeffrey Rice wrote:
(I hope this won't get sent twice, I sent the first from an account
that
wasn't subscribed to the list.)
Hello,
I am trying to work up a signing method for use with Greg Hewgill's
pyDKIM. The signature itself seems to work fine, but only if it is
all
on the same header line. If the signature is folded, it fails.
I've tried folding by two methods: using python's add_header, or doing
it myself. I can see perhaps why add_header fails, since it leaves the
b= line as a run-on. (since it can't know that WS is ignored within
the
signature) Why my own method is failing is more a mystery. I've
looked
at the signature sent to me from other systems and I can't see a
difference between the folded headers I generate versus the ones
they do.
I'm extremely confused! I must be doing something quite simple. If I
take a message that is failing because of the wrapping and put the
signature all on one line and use Greg's dkim_verify, it now
passes. It
did occur to me maybe that the little script he provided doesn't work
with folder headers, but that doesn't explain why testing.dkim.org
also
rejects it. I'm at a loss...
When using the simple header canonicalization algorithm you can't re-
fold the DKIM header, because FWS is part of the signature. The
header must be included in the message exactly as it was signed. The
one exception is within the 'b' tag because that's zero'ed out before
validation, so you can fold that without requiring a WSP character to
be present.
If you instead use the relaxed canonicalization algorithm, then you
can fold the header on any WSP character, since the relaxed algorithm
deals with that, again except for the 'b' tag as I mentioned above.
Alec
--
Alec H. Peterson - alec(_dot_)peterson(_at_)messagesystems(_dot_)com
+1 443 656 3322
Director of Technical Services
Message Systems, Inc.
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev