ietf-dkim

Re: [ietf-dkim] [Technical Errata Reported] RFC6376 (3758)

2013-10-20 15:27:29
On 10/20/2013 9:43 AM, Barry Leiba wrote:
> No, wait: the reporter is confused, both about this errata report and
> the companion one (h= vs a=).
>
> Majid & Nazilla: You are looking at the section related to the key
> records in DNS, and reading it as though it were about the signature
> header in the message.
>
> It's true that "v=1" is correct in the signature, and that in the
> signature "h=" lists headers that are covered by the signature.  But
> in the key record in dns, it's different, and RFC 6376 is correct.

I admit that I also got confused a few times while working on the DKIM
documents and keeping it straight as to which section was referring to
which set of arguments. Having them use different values and different
tags for items that were conceptually the same was an unfortunate aspect
of the history behind DKIM. If we had had no history to consider when we
first created DKIM, I think it would have been better to make things
match better, such as using a= for both specifications of algorithm, and
using v=DKIM1 for both version numbers.

But we didn't have that luxury, so we are stuck with our current situation.

Perhaps, if this document is ever cracked open again, it would be useful
to tag things better to make it painfully obvious what is being
discussed. For example,

   v= [Signature] Version (plain-text; REQUIRED) ...

   a= [Signature] The algorithm used to generate the signature (plain-text;
      REQUIRED).  ...
...
   v= [Key] Version of the DKIM key record (plain-text; RECOMMENDED, default
      is "DKIM1"). 

   h= [Key] Acceptable hash algorithms (plain-text; OPTIONAL, defaults to
      allowing all algorithms).

But this is unlikely to happen.

    Tony Hansen
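
The distinction discussed in this message, as an added example that is not part of the original post or of RFC 6376: the same tag-list syntax is parsed once, then v= and h= are interpreted differently depending on whether the text is a DKIM-Signature header or a DNS key record. The sample values, function names and the whitespace handling are assumptions made for illustration.

```python
import re

# Constructed sample values (placeholders, not real signatures or keys).
SAMPLE_SIGNATURE = ("v=1; a=rsa-sha256; d=example.com; s=sel1; "
                    "h=From : To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SAMPLE_KEY_RECORD = "v=DKIM1; h=sha256; p=PLACEHOLDER"

def parse_tag_list(text):
    """Split a DKIM tag-list ("tag=value; tag=value") into a dict."""
    tags = {}
    for spec in text.split(";"):
        if not spec.strip():
            continue  # a trailing ";" is allowed
        name, sep, value = spec.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")  # invalidates the list
        # Simplification: drop all whitespace; fine for v=, a=, h= only.
        tags[name] = re.sub(r"\s+", "", value)
    return tags

def interpret_signature(header_value):
    """Read v=, a=, h= with their DKIM-Signature header meanings."""
    t = parse_tag_list(header_value)
    if t.get("v") != "1":
        raise ValueError('signature v= must be "1"')
    if "a" not in t or "h" not in t:
        raise ValueError("signature requires a= and h=")
    key_type, _, hash_alg = t["a"].partition("-")
    return {"key_type": key_type, "hash": hash_alg,
            "signed_headers": [h.lower() for h in t["h"].split(":")]}

def interpret_key_record(txt):
    """Read v= and h= with their DNS key record meanings."""
    t = parse_tag_list(txt)
    if t.get("v", "DKIM1") != "DKIM1":  # v= may be absent; default is DKIM1
        raise ValueError('key record v= must be "DKIM1"')
    # h= absent means every hash algorithm is acceptable.
    hashes = t["h"].split(":") if "h" in t else None
    return {"acceptable_hashes": hashes}

def hash_permitted(sig, key):
    """True if the signature's a= hash is allowed by the key record's h=."""
    allowed = key["acceptable_hashes"]
    return allowed is None or sig["hash"] in allowed
```

Feeding a key record to `interpret_signature`, or a signature to `interpret_key_record`, fails on the v= check, which is the mix-up the errata reports ran into.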