I noticed a few minor issues about key-*-tag on dkim-base-03.
#1 Section 3.6.1, key-g-tag includes CFWS which obscures the local-part
the verifier really need, and is needless for this tag. CFWS should be
excluded (and comments should be noted with key-n-tag).
[dkim-base-03]
key-g-tag-lpart = [dot-atom] ["*"] [dot-atom]
should be like
key-g-tag-lpart = [dot-atom-text] ["*"] [dot-atom-text]
(or 2821-Local-part/2821-Dot-string might be more appropriate.)
[rfc2821]
Local-part = Dot-string / Quoted-string
Dot-string = Atom *("." Atom)
Atom = 1*atext
Quoted-string = DQUOTE *qcontent DQUOTE
[rfc2822]
dot-atom = [CFWS] dot-atom-text [CFWS]
dot-atom-text = 1*atext *("." 1*atext)
#2 Section 3.6.1, key-p-tag permits empty value for revoking. So
key-p-tag = %x70 [FWS] "=" [FWS] base64string
should be like
key-p-tag = %x70 [FWS] "=" [ [FWS] base64string ]
#3 Section 3.6.1, key-h-tag default value (= allowing all algorithms)
should be able to be specified explicitly. So
key-h-tag-alg = "sha1" / "sha256" / x-key-h-tag-alg
should be like
key-h-tag-alg = "sha1" / "sha256" / "*" / x-key-h-tag-alg
--
SUZUKI Takahiko <takahiko(_at_)iij(_dot_)ad(_dot_)jp>
Internet Initiative Japan Inc.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html