[Dcrup] [Errata Rejected] RFC8463 (7930)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 13 May 2024 15:01 UTC

To: steffen@sdaoden.eu, standards@taugh.com
CC: superuser@gmail.com, iesg@ietf.org, dcrup@ietf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/TzAi5t0ekZCsZxI7c1doPYje_rY>

The following errata report has been rejected for RFC8463,
"A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7930

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Steffen Nurpmeso <steffen@sdaoden.eu>
Date Reported: 2024-05-09
Rejected by: Murray Kucherawy (IESG)

Section: A.3

Original Text
-------------
It is about the DKIM signature, baby, it is

/gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw==

(even though this pastes terribly in this HTML)

Corrected Text
--------------
The signature should be

QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==

Notes
-----
On the DKIM list I wrote

>I come here because alongside the above I had a look at RFC 8463
>again, and its example in "A.3.  Signed Message".
>And if I use its "A.1.  Secret Keys", and (manually) normalize the
>example message header of A.3 via "relaxed"
[.]
>and pass that through RFC 8032 code:

>  privkey: b'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=\n'
>  pubkey : b'11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n'
>  The message is:
>  >>>b'from:Joe SixPack <joe@football.example.com>\r\nto:Suzie Q <suzie@shopping.example.net>\r\nsubject:Is dinner ready?\r\ndate:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\nmessage-id:<20030712040037.46341.5F8J@football.example.com>\r\ndkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to : subject : date : message-id : from : subject : date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='<<<
>
>then I get
>
>  Signature: b'QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==\n'
>  Signature verifies: True

--VERIFIER NOTES--
The RFC is correct as-is.  The process applied by the erratum author deviates from the algorithm used by DKIM.

--------------------------------------
RFC8463 (draft-ietf-dcrup-dkim-crypto-14)
--------------------------------------
Title               : A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
Publication Date    : September 2018
Author(s)           : J. Levine
Category            : PROPOSED STANDARD
Source              : DKIM Crypto Update
Stream              : IETF
Verifying Party     : IESG
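
Added example, not part of the original message or of RFC 8463 itself: Section 3 of RFC 8463 has Ed25519 sign the SHA-256 digest of the canonicalized header fields, not the header bytes themselves. The Python below signs the header bytes quoted in the report both ways so the two b= values can be compared. The compact RFC 8032 signer and all function names are written for this illustration and are assumptions, not code from the report.

```python
import base64, hashlib
# Ed25519 signing per RFC 8032 in plain Python (illustration only, not constant time).
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, P - 2, P) % P
GX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
GY = 46316835694926478169428394003475163141307993866256225615783033603165251855960
G = (GX, GY, 1, GX * GY % P)

def add(p, q):  # point addition in extended coordinates
    a, b = (p[1] - p[0]) * (q[1] - q[0]) % P, (p[1] + p[0]) * (q[1] + q[0]) % P
    c, d = 2 * p[3] * q[3] * D % P, 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)
def mul(s, p):  # double-and-add scalar multiplication
    q = (0, 1, 1, 0)
    while s:
        q = add(q, p) if s & 1 else q
        p, s = add(p, p), s >> 1
    return q
def enc(p):  # 32-byte point encoding: y with the sign of x in the top bit
    zi = pow(p[2], P - 2, P)
    x, y = p[0] * zi % P, p[1] * zi % P
    return (y | (x & 1) << 255).to_bytes(32, "little")
def keypair(seed):  # returns (clamped scalar, nonce prefix, public key bytes)
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:], enc(mul(a, G))
def sign(seed, msg):
    a, prefix, pub = keypair(seed)
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L
    rb = enc(mul(r, G))
    k = int.from_bytes(hashlib.sha512(rb + pub + msg).digest(), "little") % L
    return rb + ((r + k * a) % L).to_bytes(32, "little")

SEED = base64.b64decode("nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=")  # privkey in the report
# Relaxed-canonicalized header bytes exactly as quoted in the report, b= left empty.
HDR = (b"from:Joe SixPack <joe@football.example.com>\r\nto:Suzie Q <suzie@shopping.example.net>\r\n"
       b"subject:Is dinner ready?\r\ndate:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\n"
       b"message-id:<20030712040037.46341.5F8J@football.example.com>\r\n"
       b"dkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; "
       b"i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; "
       b"h=from : to : subject : date : message-id : from : subject : date; "
       b"bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b=")

def sign_raw():  # header bytes handed to Ed25519 directly
    return base64.b64encode(sign(SEED, HDR)).decode()
def sign_rfc8463():  # RFC 8463 Section 3: Ed25519 over the SHA-256 digest of the header bytes
    return base64.b64encode(sign(SEED, hashlib.sha256(HDR).digest())).decode()
```

sign_raw() gives the value proposed in the report, and sign_rfc8463() gives the value printed in Section A.3.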