ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] domain keys, the h tag, and the reflector at sendmail.net

2007-09-11 14:28:20
from [Eric Allman] [Permanent Link] 
Since no one else seems to want to bite, I will....
--On September 7, 2007 10:27:40 PM -0500 dave <dave(_dot_)wanta(_at_)123aspx(_dot_)com> wrote: 


Hi,
(If this isn't the right list, please let me know where I can ask
this question)
Well, this really isn't the right list, since DomainKeys and DKIM are not the same thing (although they are closely related). At this point I would recommend you be implementing DKIM rather than DK. That seems to be the direction the industry is going. 


As an educational experiance, I'm writing my own domain keys
signer. I'm using the reflector at sendmail (
sa-test[at]sendmail.net ) for testing. Everything is working fine,
except when I try to use the "h" tag. Then my domain-keys signature
fails as BAD. I'm going off of the spec:
draft-delany-domainkeys-base-06, which I believe is the latest spec
for domain keys.


Actually RFC 4870 is as close as it gets to an official version.


I hope I'm asking the right questions here, so, feel free to ask for
clarification.

It's my understanding that I use only the headers that are listed
in the "h" tag, and sign as if those were the only headers that
existed.
Based on my recollection, that is correct. It is definitely true in DKIM. 


for example, let's say I use the email sample found in the base-06
spec. It has the following headers (hopefully this doesn't wrap too
bad):

------------ Start Sample  --------
From: "Joe SixPack" <joe(_at_)football(_dot_)example(_dot_)com>
To: "Suzie Q" <suzie(_at_)shopping(_dot_)example(_dot_)net>
Subject: Is dinner ready?
Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
Message-ID: 
<20030712040037(_dot_)46341(_dot_)5F8J(_at_)football(_dot_)example(_dot_)com>

[body goes here]
------------ End Sample  --------

If the "h" tag is created like:

h="subject:from";

It's my understanding that I would actually sign this content:
------------ Start Sample  --------
Subject: Is dinner ready?
From: "Joe SixPack" <joe(_at_)football(_dot_)example(_dot_)com>

[body goes here]
------------ End Sample  --------

Is that correct? In other words, I concatonate the "subject" and
"from" headers (in that order), add my blank line, and then the
body. I then sign that combination.


It looks like that's correct based on a (very quick) scan of RFC 4870.

eric
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] domain keys, the h tag, and the reflector at sendmail.net, dave
Next by Date:  {Blocked Content} [ietf-dkim] I-D Action:draft-ietf-dkim-ssp-01.txt, Internet-Drafts
Previous by Thread:  [ietf-dkim] domain keys, the h tag, and the reflector at sendmail.net, dave
Next by Thread:  {Blocked Content} [ietf-dkim] I-D Action:draft-ietf-dkim-ssp-01.txt, Internet-Drafts
Indexes:  [Date] [Thread] [Top] [All Lists]