[Ietf-dkim] RFC 8463: errata needed?
Hello. So i have had a problem with the little DKIM sign milter i had written in that users (receivers, actually) reported back that the ED25519 signature produces verification failures (i saw result headers of two, and got informed of a third). And some of the publically accessible DKIM test sites that were announced here also fail, as timely as last Saturday night. Now, that i did not understand since the RSA is waved through by any counterpart i have ever seen, and the code path is the very same, and then also i am doing nothing, it is all OpenSSL. (Having said that, my published public key was not "raw" but of ASN.1 format which Hanno Böck informed me of, back in April i think.) Therefore i took RFC 8032 from Simon Josefsson, which is a fantastic thing (beyond my mathematical and cryptographical understanding) that includes a complete default implementation of the algorithm as such! (And it needs nothing external but SHA-512 from the standard python hashlib in addition.) So i took that code and modified the actual driver a litte bit for my purpose, and it occurred to me that my sofware generates correct signatures. (There is one test outstanding that beats onto the canonicalization, but since that works for RSA; anyway i want to integrate the outcome in the unit test, thus.) Anyhow, i had a look around the DKIM implementations, and most of them have near-nil ed25519 tests. Some exactly one. Anyhow. But that is not why i come here, yet, except that possibly you who read this and whose software verification fails the signature of this email should possibly have a look again. I come here because alongside the above i had a look at RFC 8463 again, and its example in "A.3. Signed Message". And if i use its "A.1. Secret Keys", and (manually) normalize the example message header of A.3 via "relaxed" from/to From: Joe SixPack from:Joe SixPack ^M$ To: Suzie Q to:Suzie Q ^M$ Subject: Is dinner ready? subject:Is dinner ready?^M$ Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT) date:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)^M$ Message-ID: <20030712040037.46341.5...@football.example.com> message-id:<20030712040037.46341.5...@football.example.com>^M$ plus dkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to : subject : date : message-id : from : subject : date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b= which seems correct to me, and pass that through RFC 8032 code: privkey: b'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=\n' pubkey : b'11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n' The message is: >>>b'from:Joe SixPack \r\nto:Suzie Q \r\nsubject:Is dinner ready?\r\ndate:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\nmessage-id:<20030712040037.46341.5...@football.example.com>\r\ndkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to : subject : date : message-id : from : subject : date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='<<< then i get Signature: b'QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==\n' Signature verifies: True instead of the /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw== of RFC 8463. So either i am totally confused and "have tomatoes on my eyes", or this is an errata (and it seems other implementation(s) have a problem). Ciao, --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
[Ietf-dkim] Re: RFC 8463: errata needed?
On May 8, 2024 11:25:11 PM UTC, Steffen Nurpmeso wrote: >Hello. > >So i have had a problem with the little DKIM sign milter i had >written in that users (receivers, actually) reported back that the >ED25519 signature produces verification failures (i saw result >headers of two, and got informed of a third). >And some of the publically accessible DKIM test sites that were >announced here also fail, as timely as last Saturday night. > >Now, that i did not understand since the RSA is waved through by >any counterpart i have ever seen, and the code path is the very >same, and then also i am doing nothing, it is all OpenSSL. >(Having said that, my published public key was not "raw" but of >ASN.1 format which Hanno Böck informed me of, back in April >i think.) > >Therefore i took RFC 8032 from Simon Josefsson, which is >a fantastic thing (beyond my mathematical and cryptographical >understanding) that includes a complete default implementation of >the algorithm as such! (And it needs nothing external but SHA-512 >from the standard python hashlib in addition.) > >So i took that code and modified the actual driver a litte bit for >my purpose, and it occurred to me that my sofware generates >correct signatures. (There is one test outstanding that beats >onto the canonicalization, but since that works for RSA; anyway >i want to integrate the outcome in the unit test, thus.) > >Anyhow, i had a look around the DKIM implementations, and most of >them have near-nil ed25519 tests. Some exactly one. Anyhow. >But that is not why i come here, yet, except that possibly you who >read this and whose software verification fails the signature of >this email should possibly have a look again. > >I come here because alongside the above i had a look at RFC 8463 >again, and its example in "A.3. Signed Message". >And if i use its "A.1. Secret Keys", and (manually) normalize the >example message header of A.3 via "relaxed" from/to > > From: Joe SixPack > from:Joe SixPack ^M$ > To: Suzie Q > to:Suzie Q ^M$ > Subject: Is dinner ready? > subject:Is dinner ready?^M$ > Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT) > date:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)^M$ > Message-ID: <20030712040037.46341.5...@football.example.com> > message-id:<20030712040037.46341.5...@football.example.com>^M$ > >plus > > dkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; > d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane; > t=1528637909; h=from : to : subject : date : message-id : from : subject : > date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b= > >which seems correct to me, and pass that through RFC 8032 code: > > privkey: b'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=\n' > pubkey : b'11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n' > The message is: > >>>b'from:Joe SixPack \r\nto:Suzie Q > \r\nsubject:Is dinner ready?\r\ndate:Fri, 11 Jul > 2003 21:00:37 -0700 > (PDT)\r\nmessage-id:<20030712040037.46341.5...@football.example.com>\r\ndkim-signature:v=1; > a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; > i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to : > subject : date : message-id : from : subject : date; > bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='<<< > >then i get > > Signature: > b'QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==\n' > Signature verifies: True > >instead of the > > > /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw== > >of RFC 8463. So either i am totally confused and "have tomatoes >on my eyes", or this is an errata (and it seems other >implementation(s) have a problem). There are multiple implementations that are interoperable with each other and match the values in the RFC. My first guess would not be a specification error. Scott K ___ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
