,---
| a= The algorithm used to generate the signature (plain-text;
| REQUIRED). Verifiers MUST support "rsa-sha1" and "rsa-sha256";
| signers SHOULD sign using "rsa-sha256". See Section 3.3 for a
| description of algorithms.
|
| ABNF:
|
| sig-a-tag = %x61 [FWS] "=" [FWS] sig-a-tag-alg
| sig-a-tag-alg = "rsa-sha1" / "rsa-sha256" / x-sig-a-tag-alg
| x-sig-a-tag-alg = hyphenated-word ; for later extension
'---
The ABNF structure does not provide a clear indication of where the key and
hash information will be placed in future definitions. This information
is needed when splitting out the hash and key elements for comparison within
the key k= and h= values. This definition may better prevent algorithm
spoof exploits.
Change to:
: ABNF:
:
: sig-a-tag = %x61 [FWS] "=" [FWS] sig-a-tag-alg
: sig-a-tag-alg = sig-a-tag-k "-" sig-a-tag-h
: sig-a-tag-k = "rsa" / x-sig-a-tag-k
: sig-a-tag-h = "sha1" / "sha256" / x-sig-a-tag-h
: x-sig-a-tag-k = ALPHA *(ALPHA / DIGIT) ; for future key types
: x-sig-a-tag-h = ALPHA *(ALPHA / DIGIT) ; for future hash types
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
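
The following is an added example, not part of the original message or of the DKIM draft. It sketches how a verifier could use the proposed key/hash split to compare a signature's a= value with the k= and h= values of a key record. The names `split_sig_alg`, `parse_tags`, `alg_allowed_by_key` and `KEY_RECORD` are hypothetical, the key record is constructed sample data, and the defaults (k= absent means "rsa", h= absent allows every hash) are assumed to be those of RFC 4871.

```python
import re

# Proposed grammar: sig-a-tag-alg = sig-a-tag-k "-" sig-a-tag-h,
# where each part is ALPHA *(ALPHA / DIGIT), so exactly one hyphen is legal.
_ALG_RE = re.compile(r"([A-Za-z][A-Za-z0-9]*)-([A-Za-z][A-Za-z0-9]*)")


def split_sig_alg(value):
    """Split an a= value into (key_type, hash_alg); ValueError if malformed."""
    m = _ALG_RE.fullmatch(value.strip())
    if m is None:
        raise ValueError("a= value is not <key>-<hash>: %r" % value)
    return m.group(1), m.group(2)


def parse_tags(record):
    """Simplified tag-list parser: 'k=rsa; h=sha256' -> {'k': 'rsa', ...}."""
    tags = {}
    for part in record.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def alg_allowed_by_key(sig_a, key_record):
    """True if the signature algorithm is consistent with the key record."""
    key_type, hash_alg = split_sig_alg(sig_a)
    tags = parse_tags(key_record)
    # Values are compared exactly as written (an assumption of this example).
    if tags.get("k", "rsa") != key_type:
        return False
    if "h" not in tags:
        return True  # no h= tag: every hash algorithm is acceptable
    allowed = [h.strip() for h in tags["h"].split(":")]
    return hash_alg in allowed


# Constructed sample key record; the p= value is a placeholder, not a real key.
KEY_RECORD = "k=rsa; h=sha256; p=PLACEHOLDER"

if __name__ == "__main__":
    for alg in ("rsa-sha256", "rsa-sha1"):
        print(alg, alg_allowed_by_key(alg, KEY_RECORD))
```

A value with more than one hyphen, which the original `hyphenated-word` extension rule would accept, fails to parse here instead of being split ambiguously.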