ietf-dkim

Re: [ietf-dkim] Escaping things in key/ADSP records

2009-07-31 11:28:48
Mark Martinec wrote:
> John Levine wrote:
>> It is certainly the kind of bug that occurs in PHP scripts when the
>> programmer doesn't perfectly understand the quoting rules.  It's
>> happened to me.
>
> I'm collecting a set of common mistakes breaking DKIM signatures.

Pulling up a message from a while ago. Mark, did you ever get further 
with your set of common mistakes?

I had occasion to look at a number of DNS key records, and find the 
following common mistakes:

Sample size: 65456 DNS _domainkey (DKIM+DK) records

16      missing semi-colons between fields
1       missing any separators (k=rsap=....)
14      invalid quotation marks (") surrounding the entire record
2       invalid \" surrounding the entire record
5       invalid parens or paren+quotes surrounding the entire record
47      \-quoted characters, particularly \;
9       TTL value or other random DNS data showing up in the record
1       TTL value being in the record instead of the public key
17      random characters in the record, e.g. {, CRLF, backspace, SUB, >
113     SPF records being returned
13      key only, no p= or any other options
1       encoded ; as %3B
1       missing tag before =
8       other data in record (dkim=all, O=-, r=, &, ")
1       v=DKIM1 not first field in record
50      other random errors
---
299

I was not able to verify if any of the keys that had spaces within them 
were actually valid keys or not.

The good news is that of the sample, the majority of the records were 
just fine.

I'm wondering if there is a need for a web interface at dkim.org that 
would validate someone's _domainkey TXT record.

Thoughts?

        Tony Hansen
        tony(_at_)att(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
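
A small linter for the mistake categories tallied in the message above, as an added example that is not part of the original post or of any DKIM library. The function name, problem labels and sample records are constructed for illustration; the rules it applies (semicolon-separated tag=value pairs, v= first when present, p= required) are those of the DKIM key record syntax.

```python
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")
BASE64 = re.compile(r"[A-Za-z0-9+/]*={0,2}\Z")

def lint_key_record(txt):
    """Return labels for the problems found in one _domainkey TXT string."""
    rec = txt.strip()
    if rec.lower().startswith("v=spf1"):
        return ["spf-record"]
    problems = []
    if rec[:1] in ('"', "(", "\\") and rec[-1:] in ('"', ")"):
        problems.append("wrapped-in-quotes-or-parens")
        rec = rec.strip('"()\\ ')
    if "\\" in rec:
        problems.append("backslash-quoting")
        rec = rec.replace("\\", "")
    if "%3b" in rec.lower():
        problems.append("percent-encoded-semicolon")
    if re.search(r"[^\x20-\x7e]", rec):
        problems.append("control-or-non-ascii-character")
    tags, order = {}, []
    for spec in filter(None, (s.strip() for s in rec.split(";"))):
        name, eq, value = (part.strip() for part in spec.partition("="))
        if eq and not name:
            problems.append("missing-tag-name")
        elif not eq or not TAG_NAME.match(name):
            problems.append("untagged-data")
        elif "=" in (value.rstrip("=") if name == "p" else value):
            problems.append("missing-semicolon")  # a second tag hides in the value
        else:
            tags[name] = value
            order.append(name)
    if "missing-semicolon" in problems:
        return problems  # tag boundaries are unreliable, stop here
    if "v" in tags and order[0] != "v":
        problems.append("v-not-first")
    if "p" not in tags:
        problems.append("no-p-tag")
    elif not BASE64.match(re.sub(r"\s+", "", tags["p"])):
        problems.append("bad-base64-in-p")
    return problems

# Constructed sample records; KEY is a placeholder, not a real public key.
KEY = "MIGfMA0GCSqGSIb3DQEB"
if __name__ == "__main__":
    for sample in ("v=DKIM1; k=rsa; p=" + KEY, "v=DKIM1 k=rsa p=" + KEY,
                   "v=DKIM1\\; k=rsa\\; p=" + KEY, "k=rsap=" + KEY,
                   '"v=DKIM1; p=' + KEY + '"', "v=spf1 -all", KEY):
        print(repr(sample), "->", lint_key_record(sample) or "ok")
```

The check only covers syntax; it does not decode the p= value or confirm that it is a usable public key.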
