Re: [Ietf-dkim] DKIM update - header tag
-1.

The v= tag description is accurate. There is no current DKIM design expectation for any other string value. The current spec is `v=DKIM1`. Any software writing `v=DKIM1.0` is technically “broken” and should not be encouraged to exist or perpetuate.

IOW, software should not process the record if it’s not literally `v=DKIM1`, and if the `v=` tag is missing, the default is `v=DKIM1`.

If software wants to consider preparing for the future with different v= tag string values describing an extended DKIM specification, it is always possible to have this.

But for the current spec and standard, `v=DKIM1` is the only expectation, not `v=DKIM1.0` — there is no spec for this and the current spec is clear DKIM1 and DKIM1.0 are not the same,

Thanks

— HLS

> On Mar 10, 2023, at 1:46 PM, Jan Dušátko wrote:
>
> Dear,
> I got a recommendation to propose changes in that mailing group.
> My work depends on appropriate protection of our brand; however, these tasks
> also require management of the records required for that protection. We have
> a huge problem with identification of the selector records required by DKIM,
> and this also creates a compatibility problem for us. We would like to
> strongly follow RFCs, but sometimes the v=DKIM1 tag is resolved as an issue,
> and sometimes a missing tag does the same. This is the reason why I would
> like to propose a mitigation of the problem caused by the word RECOMMENDED in
> standard RFC 6376:
>
> > v= Version of the DKIM key record (plain-text; RECOMMENDED, default
> > is "DKIM1"). If specified, this tag MUST be set to "DKIM1"
> > (without the quotes). This tag MUST be the first tag in the
> > record. Records beginning with a "v=" tag with any other value
> > MUST be discarded. Note that Verifiers must do a string
> > comparison on this value; for example, "DKIM1" is not the same as
> > "DKIM1.0".
>
> I would like to recommend changing the word RECOMMENDED to MANDATORY, so that
> the whole article after the change would be:
>
> > v= Version of the DKIM key record (plain-text; MANDATORY, default
> > is "DKIM1"). If specified, this tag MUST be set to "DKIM1"
> > (without the quotes). This tag MUST be the first tag in the
> > record and this tag must exist. Records beginning with
> > a "v=" tag with any other value MUST be discarded. Note that
> > Verifiers must do a string comparison on this value; for
> > example, "DKIM1" is not the same as "DKIM1.0".

___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] DKIM update - header tag
On 13. 3. 2023 at 16:08, Murray S. Kucherawy wrote:

> On Fri, Mar 10, 2023 at 10:48 AM Jan Dušátko wrote:
>
> > I got a recommendation to propose changes in that mailing group.
> > My work depends on appropriate protection of our brand; however, these
> > tasks also require management of the records required for that protection.
> > We have a huge problem with identification of the selector records required
> > by DKIM, and this also creates a compatibility problem for us. We would
> > like to strongly follow RFCs, but sometimes the v=DKIM1 tag is resolved as
> > an issue, and sometimes a missing tag does the same. This is the reason why
> > I would like to propose a mitigation of the problem caused by the word
> > RECOMMENDED in standard RFC 6376:
> > [...]
>
> Just to clarify: Are you saying the identification of a DKIM record in the DNS is uncertain unless "v=DKIM1" is present?
>
> -MSK

Yes, exactly, you are right. Although DKIM FQDN records must be in the format [selector]._domainkey.domain.tld, this does not impact any records prepared to create CNAME for other domains. As for the internal format, if the record contains only a key (p="base64encodedkey"), it is difficult to verify whether it is really a DKIM record. Especially in the case of a corrupted encoded record.

Jan

--
Jan Dušátko
Tracker number: +420 602 427 840
e-mail: j...@dusatko.org
GPG Signature: https://keys.dusatko.org/E535B585.asc
GPG Encrypt: https://keys.dusatko.org/B76A1587.asc
Re: [Ietf-dkim] DKIM update - header tag
On Fri, Mar 10, 2023 at 10:48 AM Jan Dušátko wrote:

> I got a recommendation to propose changes in that mailing group.
> My work depends on appropriate protection of our brand; however, these
> tasks also require management of the records required for that protection.
> We have a huge problem with identification of the selector records required
> by DKIM, and this also creates a compatibility problem for us. We would like
> to strongly follow RFCs, but sometimes the v=DKIM1 tag is resolved as an
> issue, and sometimes a missing tag does the same. This is the
> reason why I would like to propose a mitigation of the problem caused by
> the word RECOMMENDED in standard RFC 6376:
> [...]

Just to clarify: Are you saying the identification of a DKIM record in the DNS is uncertain unless "v=DKIM1" is present?

-MSK
[Ietf-dkim] DKIM update - header tag
Dear,

I got a recommendation to propose changes in that mailing group.
My work depends on appropriate protection of our brand; however, these tasks also require management of the records required for that protection. We have a huge problem with identification of the selector records required by DKIM, and this also creates a compatibility problem for us. We would like to strongly follow RFCs, but sometimes the v=DKIM1 tag is resolved as an issue, and sometimes a missing tag does the same. This is the reason why I would like to propose a mitigation of the problem caused by the word RECOMMENDED in standard RFC 6376:

> v= Version of the DKIM key record (plain-text; RECOMMENDED, default
> is "DKIM1"). If specified, this tag MUST be set to "DKIM1"
> (without the quotes). This tag MUST be the first tag in the
> record. Records beginning with a "v=" tag with any other value
> MUST be discarded. Note that Verifiers must do a string
> comparison on this value; for example, "DKIM1" is not the same as
> "DKIM1.0".

I would like to recommend changing the word RECOMMENDED to MANDATORY, so that the whole article after the change would be:

> v= Version of the DKIM key record (plain-text; MANDATORY, default
> is "DKIM1"). If specified, this tag MUST be set to "DKIM1"
> (without the quotes). This tag MUST be the first tag in the
> record and this tag must exist. Records beginning with
> a "v=" tag with any other value MUST be discarded. Note that
> Verifiers must do a string comparison on this value; for
> example, "DKIM1" is not the same as "DKIM1.0".

--
Jan Dušátko
Tracker number: +420 602 427 840
e-mail: j...@dusatko.org
GPG Signature: https://keys.dusatko.org/E535B585.asc
GPG Encrypt: https://keys.dusatko.org/B76A1587.asc
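
An added example, not part of the thread or of any DKIM implementation: a minimal Python classifier for the TXT strings discussed above, applying the v= rules from the quoted RFC 6376 text (exact string comparison, first position, optional tag) and, with the hypothetical require_v flag, the mandatory variant proposed in the thread. The names parse_tags, classify, require_v and KEY are assumptions, the sample records are constructed, and the check covers record identification only, not key validity.

```python
import base64

# Constructed placeholder, not a real public key.
KEY = base64.b64encode(b"constructed sample, not a real key").decode()

def parse_tags(record):
    """Split a tag=value list into ordered (name, value) pairs."""
    tags = []
    for part in record.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a tag=value pair")
        tags.append((name.strip(), value.strip()))
    return tags

def classify(record, require_v=False):
    """Return 'accept' or 'discard: <reason>' for one TXT string.

    require_v=False: v= is optional, as in the RFC 6376 text quoted above.
    require_v=True:  v= must exist, as in the change proposed in the thread.
    """
    try:
        tags = parse_tags(record)
    except ValueError as exc:
        return f"discard: {exc}"
    names = [name for name, _ in tags]
    if len(set(names)) != len(names):
        return "discard: duplicate tag"
    if "v" in names:
        if names[0] != "v":
            return "discard: v= is not the first tag"
        if tags[0][1] != "DKIM1":  # exact string comparison, no prefix match
            return "discard: v= is not DKIM1"
    elif require_v:
        return "discard: v= missing"
    key = dict(tags).get("p")
    if key is None:
        return "discard: no p= tag"
    try:
        base64.b64decode("".join(key.split()), validate=True)
    except ValueError:
        return "discard: p= is not valid base64"
    return "accept"

if __name__ == "__main__":
    for rec in (f"v=DKIM1; k=rsa; p={KEY}", f"v=DKIM1.0; p={KEY}",
                f"p={KEY}", f"p={KEY[:-2]}%%", "v=spf1 -all"):
        print(f"{rec[:24]!r:28} rfc={classify(rec)} | proposed={classify(rec, True)}")
```

A key-only record is accepted under the current text and discarded under the proposed one, while a corrupted key-only record is discarded either way.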