
Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?

2018-02-08 12:05:44
The code that knows to dispatch to v=2 can, just as easily, parse for the strings associated with the new features.

True, but not very interesting. In my spamassassin example, the outside code knows nothing about DKIM versions, it just sees a dkim-signature header and sends it to the DKIM library.

The point of a v=2 flag is to ensure that old v=1 code doesn't accidentally misinterpret new features. In my example, I made a semantic change: in v=1 DKIM, verifiers ignore tags they don't understand. In v=2, there's a new tag type that fails if a verifier can't handle it. The new tags have new syntax that, in an ideal world, would make v=1 verifiers fail with a syntax error, but we all know that parse errors are often not well debugged. I did look at a bunch of DKIM libraries and they all check for v=1 and fail if they don't find it.

John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for 
Please consider the environment before reading this e-mail.
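
Added example, not part of the original message and not taken from any DKIM library: a minimal sketch of the v=1 verifier behaviour described above, which ignores tags it does not recognize and fails any signature whose v= is not 1. The tag name "zz", the sample header values and the function names are constructed for illustration; "zz" deliberately uses ordinary v=1 tag syntax to show the case where only the version check stops a misinterpretation.

```python
import re

# Tags defined for DKIM-Signature in RFC 6376; anything else is "unrecognized".
KNOWN_V1_TAGS = {"v", "a", "b", "bh", "c", "d", "h", "i", "l", "q", "s", "t", "x", "z"}
REQUIRED_V1_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}
TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")  # tag-name = ALPHA *(ALPHA / DIGIT / "_")

class PermFail(Exception):
    """This verifier cannot evaluate the signature."""

def parse_tag_list(value):
    """Split a DKIM-Signature header value into {tag: value}."""
    specs = value.split(";")
    if specs and not specs[-1].strip():
        specs.pop()  # a single trailing ';' is allowed
    tags = {}
    for spec in specs:
        name, sep, val = spec.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise PermFail("syntax error in tag-spec %r" % spec.strip())
        if name in tags:
            raise PermFail("duplicate tag %r" % name)
        tags[name] = "".join(val.split())  # simplification: drop all whitespace
    return tags

def check_v1(value):
    """Return the tags a v=1 verifier acts on, or raise PermFail."""
    tags = parse_tag_list(value)
    if tags.get("v") != "1":
        raise PermFail("unsupported version v=%s" % tags.get("v"))
    missing = REQUIRED_V1_TAGS - tags.keys()
    if missing:
        raise PermFail("missing required tags: %s" % sorted(missing))
    # v=1 rule: unrecognized tags are silently ignored, not treated as errors.
    return {k: v for k, v in tags.items() if k in KNOWN_V1_TAGS}

def verdict(value):
    try:
        return "accepted, acting on tags: " + ",".join(sorted(check_v1(value)))
    except PermFail as exc:
        return "permfail: %s" % exc

# Constructed sample values (b= and bh= are placeholders, not real signatures).
BASE = "a=rsa-sha256; d=example.com; s=sel; h=from:subject; bh=AAAA; b=BBBB"
SIG_V1_EXTRA = "v=1; " + BASE + "; zz=must-understand"  # hypothetical tag, v=1
SIG_V2_EXTRA = "v=2; " + BASE + "; zz=must-understand"  # hypothetical v=2 header

if __name__ == "__main__":
    for sig in (SIG_V1_EXTRA, SIG_V2_EXTRA):
        print(verdict(sig))
```

Under v=1 the constructed zz tag is dropped without complaint; with v=2 the same header is refused before any tag is interpreted.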