
[dkim-dev] need an interpretation of the base spec

2008-06-03 14:45:23
I need an interpretation of the base spec here.

RFC 4871 section 3.5:
    b=  The signature data (base64; REQUIRED).  Whitespace is ignored in
        this value and MUST be ignored when reassembling the original
        signature.  In particular, the signing process can safely insert
        FWS in this value in arbitrary places to conform to line-length
        limits.  See Signer Actions (Section 5) for how the signature is
        computed.

    ABNF:

        sig-b-tag       = %x62 [FWS] "=" [FWS] sig-b-tag-data
        sig-b-tag-data  = base64string

RFC 4871 section 3.7:

    2.  The DKIM-Signature header field that exists (verifying) or will
        be inserted (signing) in the message, with the value of the "b="
        tag deleted (i.e., treated as the empty string), canonicalized
        using the header canonicalization algorithm specified in the "c="
        tag, and without a trailing CRLF.

The test case has a DKIM signature that looks like this:

DKIM-Signature: v=1; q=dns/txt; d=example.com; s=sel1; a=rsa-sha256;^M
      h=Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:^M
      From:Date:To; bh=HryPFX2R6r7JPsX1Z7+yReZddQR2PjvCvdXgaxW5QYU=; b=^M
      dMozOMJVKhnCk7NnC7lqWIdhwU7Jv3DzAmoEC+Ums0KqAe9FOhqPCtbCAN^M
      061sS2aiKRDA8pzjTeFBsF40yDuYyvJ85ZY1PR5O736DeBEHGw3QX3s9/^M
      LRFcqXV2na7YkJorUyMm4BXDSgmpW3TR8GiiUNXXKaHeucvxxOr3Lq0g=^M

Note how the "b=" is separated from the hash key by the CRLF and white 
space.

Now the question: Does the "value of the 'b=' tag" (that is deleted per 
section 3.7) mean 1) exactly the sig-b-tag-data, or 2) does it include 
the [FWS] between the "=" and the sig-b-tag-data?

Depending on the order you do the remove and canonicalization, and your 
answer to the above question, if #1, then the canonicalized form of the 
DKIM-Signature will use
        c=simple        "b=     "
        c=relaxed       "b= "

And if #2, then the canonicalized form of the DKIM-Signature will use
        c=either        "b="

I've seen two different interpretations of this. Of 3 different 
reflectors I got responses from, 2 appear to follow #2 and 1 appears to 
follow #1. One version of my own code is whitespace-preserving, as in 
#1, but another set of code I wrote is not, as in #2. Argh!

Right now, I'm leaning towards thinking that #2 is correct. What say the 
rest of you?

        Tony Hansen
        tony(_at_)att(_dot_)com
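
The two readings from the message above, worked through on its test header under both canonicalizations and both orderings of "delete" and "canonicalize". This is an added example, not part of the original post or of any DKIM implementation; the function names and the regular expression used to locate the "b=" tag are assumptions made for the example.

```python
import re

CRLF = "\r\n"
WS = " \t\r\n"
# The post's test header; each "^M" shown there is a real CR before the LF here.
HEADER = CRLF.join([
    "DKIM-Signature: v=1; q=dns/txt; d=example.com; s=sel1; a=rsa-sha256;",
    "      h=Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:",
    "      From:Date:To; bh=HryPFX2R6r7JPsX1Z7+yReZddQR2PjvCvdXgaxW5QYU=; b=",
    "      dMozOMJVKhnCk7NnC7lqWIdhwU7Jv3DzAmoEC+Ums0KqAe9FOhqPCtbCAN",
    "      061sS2aiKRDA8pzjTeFBsF40yDuYyvJ85ZY1PR5O736DeBEHGw3QX3s9/",
    "      LRFcqXV2na7YkJorUyMm4BXDSgmpW3TR8GiiUNXXKaHeucvxxOr3Lq0g=",
]) + CRLF
B_TAG = re.compile(r"([:;][ \t\r\n]*b[ \t\r\n]*=)([^;]*)")  # "bh=" does not match

def simple(h):
    return h  # simple canonicalization leaves the header field unchanged

def relaxed(h):
    # Relaxed header canonicalization: lowercase name, unfold, collapse WSP
    # runs to one SP, drop WSP around the colon and at the end of the value.
    name, value = h.split(":", 1)
    value = re.sub(r"[ \t]+", " ", value.replace(CRLF, ""))
    return name.strip(" \t").lower() + ":" + value.strip(" \t")

def delete_b(h, include_fws):
    # include_fws=False is reading #1 (delete only sig-b-tag-data);
    # include_fws=True is reading #2 (also delete the FWS after the "=").
    def repl(m):
        val = m.group(2)
        lead = val[:len(val) - len(val.lstrip(WS))]
        rest = val[len(lead):]
        trail = rest[len(rest.rstrip(WS)):]
        return m.group(1) + ("" if include_fws else lead) + trail
    return B_TAG.sub(repl, h, count=1)

def variants():
    h = HEADER[:-len(CRLF)]  # section 3.7: "without a trailing CRLF"
    out = {}
    for cname, canon in (("simple", simple), ("relaxed", relaxed)):
        for reading, fws in (("#1", False), ("#2", True)):
            a = canon(delete_b(h, fws))   # delete first, then canonicalize
            b = delete_b(canon(h), fws)   # canonicalize first, then delete
            out[cname, reading, "delete-first"] = a[a.rindex("b="):]
            out[cname, reading, "canon-first"] = b[b.rindex("b="):]
    return out

if __name__ == "__main__":
    for key, tail in variants().items():
        print(key, repr(tail))
```

Under reading #1 with c=relaxed, the kept whitespace survives only when canonicalization runs before the deletion; deleting first leaves it at the end of the field value, where relaxed canonicalization strips it. A verifier and a signer that differ on any of these choices hash different bytes for the same header.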