Section 3.6.1. states:
    k= Key type (plain-text; OPTIONAL, default is "rsa"). Signers and
       verifiers MUST support the "rsa" key type. The "rsa" key type
       indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
       [RFC3447] (see Sections Section 3.1 and A.1.1) is being used in
       the "p=" tag. (Note: the "p=" tag further encodes the value using
       the base64 algorithm.) Unrecognized key types MUST be ignored.

I believe the "Unrecognized key types MUST be ignored" is incorrect,
or at least can be misunderstood. It is not the key *type* (the value of
a 'k' tag) that is to be ignored (which would just mean that a 'k' tag is
useless as any value means 'rsa') - but the complete public key (record)
with a key type (implied or explicit) not matching the sig-a-tag-k from
an 'a' tag of a signature must be ignored.

Suggested change: replace the:

    Unrecognized key types MUST be ignored.

with:

    Algorithm name sig-a-tag-k of a signature must match exactly the
    implied or explicitly specified key type key-k-tag-type of a public key.
    Keys with unmatching key type MUST be ignored.

Mark
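
The reading proposed in the message above, as an added example that is not part of the original post and not taken from the RFC or any DKIM implementation: a verifier-side filter that drops whole key records whose implied or explicit key type differs from the signature's sig-a-tag-k. The function names, the sample signature and records, and the "newalg" key type are constructed for illustration.

```python
# Added example: names and sample records below are constructed.

def parse_tag_list(text):
    """Parse a DKIM tag=value list; duplicate tag names invalidate it."""
    tags = {}
    for part in text.split(";"):
        if not part.strip():
            continue  # allow a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError("invalid tag-list: %r" % text)
        tags[name] = "".join(value.split())  # drop folding whitespace
    return tags

def sig_key_type(a_tag):
    """Return sig-a-tag-k, the part of 'a=' before the first '-'."""
    key_type, sep, hash_name = a_tag.partition("-")
    if not (sep and key_type and hash_name):
        raise ValueError("malformed a= tag: %r" % a_tag)
    return key_type

def usable_key_records(signature, txt_records):
    """Keep only key records whose key type equals sig-a-tag-k exactly."""
    wanted = sig_key_type(parse_tag_list(signature)["a"])
    usable = []
    for record in txt_records:
        try:
            key = parse_tag_list(record)
        except ValueError:
            continue  # syntactically invalid record
        if key.get("k", "rsa") != wanted:  # absent k= implies "rsa"
            continue  # unmatching key type: ignore the whole record
        usable.append(key)
    return usable

# Constructed inputs; "newalg" is a made-up key type.
SIGNATURE = "v=1; a=rsa-sha256; d=example.com; s=sel; bh=AAAA; b=BBBB"
RECORDS = [
    "v=DKIM1; p=S0VZMQ==",             # implied rsa
    "v=DKIM1; k=rsa; p=S0VZMg==",      # explicit rsa
    "v=DKIM1; k=newalg; p=S0VZMw==",   # other key type
    "v=DKIM1; k=rsa; k=newalg; p=S0VZNA==",  # duplicate tag, invalid
]

if __name__ == "__main__":
    for key in usable_key_records(SIGNATURE, RECORDS):
        print(key.get("k", "rsa (implied)"), key["p"])
```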