DNS TXT records can contain multiple strings which we just concatenate to form a complete key record. That part's easily managed. However, some people have taken it upon themselves to escape semi-colons for some reason, presumably because some programs like "dig" do that in their output, which in turn is done perhaps to disambiguate a literal semi-colon from one that starts a comment in a zone file.

The problem is that RFC4871 (DKIM) doesn't say that "\" is a special character (at least nowhere that I can find) so something like this:

    k=rsa\; t=y\; g=*\; p=<base64stuff>

...means the value of "k" for example is "rsa\" which doesn't match any of the key methods we know and thus the record will get discarded. So if a user constructs a key record using the output of "dig" as a starting point, and then it doesn't work, the cause will not be at all obvious.

So, first: Is there anyplace, like in the ABNF specs, that codifies "\" as a universal escape character and so I should be processing it as such if it's there even if the spec doesn't explicitly say so?

And, second: Should implementors treat it as such, even if the spec doesn't say so, just to handle that situation?

And, finally: Should we add text to the deployment document discussing this issue?
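
Added example, not part of the original message and not code from any DKIM implementation: a small Python sketch of the failure described above, with a strict tag-list parse next to one that treats "\;" as an escaped semi-colon. The function names, the unescape_semicolons switch and the sample record (including its p= value) are constructed for illustration.

```python
KNOWN_KEY_TYPES = {"rsa"}  # the only k= value RFC 4871 defines


def join_txt_strings(strings):
    """A TXT record may arrive as several strings; concatenate them as-is."""
    return "".join(strings)


def parse_tag_list(record):
    """Split a key record into tag=value pairs on ';' with no escape handling."""
    tags = {}
    for spec in record.split(";"):
        if not spec.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = spec.partition("=")  # base64 '=' padding stays in value
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name!r}")
        tags[name] = value.strip()
    return tags


def check_key_record(record, unescape_semicolons=False):
    """Return (usable, reason). unescape_semicolons is a hypothetical lenient
    mode that rewrites '\\;' to ';' before parsing; RFC 4871 does not ask for it."""
    if unescape_semicolons:
        record = record.replace("\\;", ";")
    tags = parse_tag_list(record)
    key_type = tags.get("k", "rsa")  # k= defaults to rsa when absent
    if key_type not in KNOWN_KEY_TYPES:
        return False, f"unknown key type {key_type!r}"
    if "p" not in tags:
        return False, "missing p= tag"
    return True, "ok"


# Constructed sample: a record pasted from dig-style output, split over two
# TXT strings. The p= value is a placeholder, not a real public key.
SAMPLE = join_txt_strings(["k=rsa\\; t=y\\; g=*\\; ", "p=Q09OU1RSVUNURUQ="])

if __name__ == "__main__":
    print(parse_tag_list(SAMPLE))
    print("strict :", check_key_record(SAMPLE))
    print("lenient:", check_key_record(SAMPLE, unescape_semicolons=True))
```

In the strict case the reported reason names the offending value, which is the kind of diagnostic that makes the cause visible to the person who built the record from "dig" output.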