Hi!
On 12/12/25 22:23, Richard Clayton wrote:
> This version of clayton-dkim2-spec has fully integrated the latest
> iteration of Bron's Message-Instance header field (which carries the
> hash values for the header and body) with DKIM2-Signature (which just
> signs the M-I and D2-S headers).
>
> Other changes you might miss until you read it carefully are to have a
> coherent set of tag names (not slavishly copying DKIM1), and to use what
> is effectively relaxed/simple; because relaxed is essential to interwork
> for the headers -- and simple is more appropriate for something which is
> authenticating mail bodies. If it causes interworking issues then we
> should find out soon enough, and can change back to relaxed/relaxed.
>
> This should now be a stand-alone document to implement against...

[...]
The short title has a spelling error:

    Clayton, et al. Expires 15 June 2026 [Page 18]
    Internet-Draft DKIM2 Signtures December 2025

s/Signtures/Signatures/
For Message-Instance, v= is limited to 2 digits. Perhaps for
consistency the EBNF for v= for the DKIM2-Signature (section 6) could
also be changed to allow only 1*2DIGIT for consistency.
In section 6, the text description for a1= says: 'Verifiers MUST support
"rsa-sha256" and "ed25519";'. I'd think this needs to say "ed25519-sha256".
The ABNF for f= might need to be amended. In the draft it looks like:

    sig-f-tag = %x66 [FWS] "=" [FWS] sig-f-data
                *("," [FWS] sig-f-tag-data)
    sig-f-tag-data = "modifiedbody" | "modifiedheader" | "exploded" |
                     "donotmodify" | "donotexplode" | "feedback"
    x-sig-f-tag-data = ALPHA *(ALPHA / DIGIT)
                       ; for later extension

The first line references sig-f-data which apparently needs to mean
sig-f-tag-data. sig-f-tag-data needs to have the added alternative
x-sig-f-tag-data, or else the latter is unreferenced.
The values modifiedbody/modifiedheader are not described in the text
above, anymore, and are redundant with Message-Instance. In the
scenario where one administrative domain has several modifying steps
(that are internally trusted) and at the end an outgoing MTA which adds
the signature, that one would need to check the Message-Instance headers
that have been added since the last signature to set the modified*,
while this is redundant anyway. While a verifier does need to go
through Message-Instance anyway, so I'm not sure if they are needed at
all. If not they can be removed from the ABNF.
There is talk about feedback requests elsewhere in the draft (e.g. 10.2)
but they are not specified for the DKIM2-Signature header.
In section 8: 'and any header fields whose name starts with "ARC" MUST
be ignored': Is this really "ARC*" or "ARC-*" or "ARC" *1("-" 1*ftext)?
(That is, would something like "Archived-At: <uri>" as per RFC5064 be
ignored?)
Otherwise I like the description of header processing. Looks clear and
precise enough for implementation.
9.1: 'If the message does contain a Message-Instance header field then
one MUST be added. This MUST NOT contain any "recipes" (b=, h.field=).'
I guess there's a "not" missing: If the message doesn't yet contain a
Message-Instance header, one MUST be added (with v=1, without recipes).
In addition, there's an inconsistency: above, recipes are declared as
r= and r.header= (which should be something with field instead of header
there).
9.2: 'one by one from the left hand side of the mf= domain and compared
with the rt= domain until there is an exact match or no labels remain'
Perhaps say explicitly "rt= domain of the previous signature"?
10.2.2 step 4: This may lead to ambiguity. If a verifier chooses to
iterate all keys, fine, if any fits, the signature validates (possible
partial DoS potential), but if the verifier doesn't, they can't know if
another key would actually work or if the signature is just invalid -
i.e. if "permfail" is the actually correct result. The associated draft
for DKIM2 DNS actually says the RRs MUST be unique. Perhaps make 10.2.2
step 4 consistent with that MUST (as suggested in step 5 in connection
with the DKIM2 DNS draft).
Kind regards,
Hannah.
--
Hannah Stern
Software Developer
Mail Transfer Development
1&1 Mail & Media Development & Technology GmbH
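The section 8 header-name question from the message above, worked through as an added example (not part of the original message or of the draft): it checks constructed field names against the three readings of 'starts with "ARC"'. Treating the wildcard in "ARC*" and "ARC-*" as RFC 5322 ftext and matching case-insensitively are assumptions; `ignored_under` and `compare` are hypothetical names.

```python
import re

# RFC 5322 ftext: printable US-ASCII except ":" (%d33-57 / %d59-126).
FTEXT = r"[\x21-\x39\x3b-\x7e]"

# The three readings raised in the message. Field names are compared
# case-insensitively (assumption, following RFC 5322 practice).
READINGS = {
    "ARC*": re.compile(r"ARC" + FTEXT + r"*\Z", re.IGNORECASE),
    "ARC-*": re.compile(r"ARC-" + FTEXT + r"*\Z", re.IGNORECASE),
    'ARC *1("-" 1*ftext)': re.compile(
        r"ARC(?:-" + FTEXT + r"+)?\Z", re.IGNORECASE
    ),
}


def ignored_under(reading, field_name):
    """True if field_name would be ignored under the given reading."""
    return READINGS[reading].match(field_name) is not None


def compare(field_names):
    """Map each field name to the readings under which it is ignored."""
    return {
        name: [r for r in READINGS if ignored_under(r, name)]
        for name in field_names
    }


# Constructed sample of header field names (not taken from a real message).
SAMPLE = [
    "ARC-Seal",
    "ARC-Message-Signature",
    "arc-authentication-results",
    "Archived-At",
    "ARC",
    "ARC-",
]

if __name__ == "__main__":
    for name, readings in compare(SAMPLE).items():
        print(f"{name:28} ignored under: {', '.join(readings) or 'none'}")
```

Only the bare-prefix reading ignores `Archived-At`, which is the case the message asks the draft to settle.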
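The label-stripping comparison quoted from section 9.2, as an added example (not the draft's or any implementation's code). It assumes the unstripped mf= domain is compared first, that names are compared lower-cased with a trailing dot removed, and that the caller supplies the rt= domain; `normalize`, `mf_matches_rt` and `evaluate` are hypothetical names.

```python
def normalize(domain):
    # Assumption: compare lower-cased names without a trailing root dot.
    return domain.strip().rstrip(".").lower()


def mf_matches_rt(mf_domain, rt_domain):
    """Return how many labels were stripped from the left of the mf=
    domain before it equalled the rt= domain, or None if no labels
    remained without an exact match."""
    target = normalize(rt_domain)
    labels = normalize(mf_domain).split(".")
    if not target or "" in labels:
        return None  # empty or malformed name (e.g. "a..b") never matches
    for stripped in range(len(labels)):
        # Compare whole labels only; a plain string-suffix test would
        # wrongly accept "notexample.org" for "example.org".
        if ".".join(labels[stripped:]) == target:
            return stripped
    return None


# Constructed (mf=, rt=) domain pairs, not taken from real traffic.
PAIRS = [
    ("bounces.lists.example.org", "lists.example.org"),
    ("lists.example.org", "lists.example.org"),
    ("notexample.org", "example.org"),
    ("example.org", "lists.example.org"),
    ("Mail.Example.ORG.", "example.org"),
]


def evaluate(pairs):
    """Run the comparison over (mf, rt) pairs and return the results."""
    return [(mf, rt, mf_matches_rt(mf, rt)) for mf, rt in pairs]


if __name__ == "__main__":
    for mf, rt, stripped in evaluate(PAIRS):
        verdict = "no match" if stripped is None else f"match after {stripped} label(s)"
        print(f"mf={mf:28} rt={rt:20} {verdict}")
```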