On 10/20/2013 9:43 AM, Barry Leiba wrote:
> No, wait: the reporter is confused, both about this errata report and
> the companion one (h= vs a=).
>
> Majid & Nazilla: You are looking at the section related to the key
> records in DNS, and reading it as though it were about the signature
> header in the message.
>
> It's true that "v=1" is correct in the signature, and that in the
> signature "h=" lists headers that are covered by the signature.  But
> in the key record in DNS, it's different, and RFC 6376 is correct.

I admit that I also got confused a few times while working on the DKIM
documents and keeping it straight as to which section was referring to
which set of arguments. Having them use different values and different
tags for items that were conceptually the same was an unfortunate aspect
of the history behind DKIM. If we had had no history to consider when we
first created DKIM, I think it would have been better to make things
match better, such as using a= for both specifications of algorithm, and
using v=DKIM1 for both version numbers.

But we didn't have that luxury, so we are stuck with our current situation.

Perhaps, if this document is ever cracked open again, it would be useful
to tag things better to make it painfully obvious what is being
discussed. For example,

   v= [Signature] Version (plain-text; REQUIRED) ...

   a= [Signature] The algorithm used to generate the signature (plain-text;
      REQUIRED).  ...
...
   v= [Key] Version of the DKIM key record (plain-text; RECOMMENDED, default
      is "DKIM1"). 

   h= [Key] Acceptable hash algorithms (plain-text; OPTIONAL, defaults to
      allowing all algorithms).

But this is unlikely to happen.

    Tony Hansen
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
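
Added example, not part of the original message or of RFC 6376's text: a sketch of how a verifier can keep the two tag sets apart by reading the same tag-list syntax in two contexts, then checking the signature's a= hash against the key record's h= list. The function names and the sample signature and key strings are constructed for illustration.

```python
# Context-aware reading of DKIM tag lists (RFC 6376). Sample values are constructed.

def parse_tags(text):
    """Split a DKIM tag-list ("k=v; k=v") into a dict of tag name -> value."""
    tags = {}
    for part in text.split(";"):
        if "=" not in part:
            continue  # trailing ";" or empty segment
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags

def read_signature(header_value):
    """Interpret tags as DKIM-Signature header tags: v=1, a=algorithm, h=signed headers."""
    t = parse_tags(header_value)
    if t.get("v") != "1":
        raise ValueError("signature v= must be 1")
    key_alg, _, hash_alg = t["a"].partition("-")  # e.g. rsa-sha256
    return {
        "key_alg": key_alg,
        "hash_alg": hash_alg,
        "signed_headers": [h.strip().lower() for h in t["h"].split(":")],
    }

def read_key_record(txt_value):
    """Interpret tags as DNS key record tags: v=DKIM1 (default), h=acceptable hashes."""
    t = parse_tags(txt_value)
    if t.get("v", "DKIM1") != "DKIM1":
        raise ValueError("key record v= must be DKIM1")
    hashes = t.get("h")
    return {
        "key_type": t.get("k", "rsa"),
        # None means h= is absent, so all hash algorithms are acceptable
        "allowed_hashes": None if hashes is None else [h.strip() for h in hashes.split(":")],
    }

def hash_permitted(sig, key):
    """True when the signature's hash algorithm is allowed by the key record."""
    return key["allowed_hashes"] is None or sig["hash_alg"] in key["allowed_hashes"]

# Constructed samples: same tag names, different meanings per context.
SAMPLE_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to:subject; bh=AAAA; b=BBBB"
SAMPLE_KEY = "v=DKIM1; h=sha256; k=rsa; p=CCCC"

if __name__ == "__main__":
    sig, key = read_signature(SAMPLE_SIG), read_key_record(SAMPLE_KEY)
    print(sig, key, hash_permitted(sig, key))
```
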
