On 10/20/2013 9:43 AM, Barry Leiba wrote: > No, wait: the reporter is confused, both about this errata report and > the companion one (h= vs a=). > > Majid & Nazilla: You are looking at the section related to the key > records in DNS, and reading it as though it were about the signature > header in the message. > > It's true that "v=1" is correct in the signature, and that in the > signature "h=" lists headers that are covered by the signature. But > in the key record in dns, it's different, and RFC 6376 is correct.
I admit that I also got confused a few times while working on the DKIM documents and keeping it straight as to which section was referring to which set of arguments. Having them use different values and different tags for items that were conceptually the same was an unfortunate aspect of the history behind DKIM. If we had had no history to consider when we first created DKIM, I think it would have been better to make things match better, such as using a= for both specifications of algorithm, and using v=DKIM1 for both version numbers. But we didn't have that luxury, so we are stuck with our current situation. Perhaps, if this document is ever cracked open again, it would be useful to tag things better to make it painfully obvious what is being discussed. For example, v= [Signature] Version (plain-text; REQUIRED) ... a= [Signature] The algorithm used to generate the signature (plain-text; REQUIRED). ... ... v= [Key] Version of the DKIM key record (plain-text; RECOMMENDED, default is "DKIM1"). h= [Key] Acceptable hash algorithms (plain-text; OPTIONAL, defaults to allowing all algorithms). But this is unlikely to happen. Tony Hansen
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html