Re: [Ietf-dkim] DKIM issues (tag "v=DKIM1", tag "p=")

Jan Dušátko <jan@dusatko.org> Mon, 12 June 2023 17:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/7AXiBPYJHNIC_UmvwrPH3eSI4rU>

Murray, Dave

I would like to ask another question about the following.
- DomainKey (RFC 4870) only allows signatures to be used with the RSA-SHA1 
algorithm, which is now considered obsolete. I have not found support 
for other algorithms.
- At the moment I am trying to monitor the frequency of signature 
occurrence with DomainKey and so far I have not found any occurrence. I 
would like to continue monitoring for about 3 months.
- Given DomainKey's replacement with DKIM, the question is whether it 
would not be appropriate to declare DomainKey historic and no longer use 
it.
In that case, there couldn't be a problem to allow decommissioning of 
DomainKey.

Regards

Jan

On 16 May 2023 at 18:00, Dave Crocker wrote:
> On 5/16/2023 8:52 AM, Murray S. Kucherawy wrote:
>> Also, a change to make this REQUIRED would take forever for the world 
>> to adapt.
> As noted, if it's a TXT record and it is in a DKIM DNS naming path, it 
> better be a DKIM record.
>
> Also, version numbers are pretty much useless.  So leaving it out 
> does little damage.
>
> If a version change marks addition of some features, then the presence 
> of the features' markings are self-indicating.
>
> If a version change marks a change to the basic standard -- ie, a 
> change that is incompatible with the previous version -- then it is 
> not a version change.  It is creation of a new protocol.
>
> c/
>

-- 
-- --- ----- -
Jan Dušátko

Tracker number:	+420 602 427 840
e-mail:		jan@dusatko.org
GPG Signature:	https://keys.dusatko.org/E535B585.asc
GPG Encrypt:	https://keys.dusatko.org/B76A1587.asc
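
Added example, not part of the original message or of any tooling the author describes: one way to measure how often legacy DomainKey-Signature headers still appear next to DKIM-Signature headers in a mail sample, as in the monitoring mentioned above. The sample messages, domains, selectors and signature values are constructed placeholders, and the function names are hypothetical.

```python
import email
from collections import Counter

# Constructed sample messages; domains, selectors and b=/bh= values are placeholders.
SAMPLES = [
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=key2048;\r\n"
    " h=From:To; bh=AAAA=; b=BBBB==\r\nFrom: a@example.org\r\n\r\nbody\r\n",
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=s1; bh=AAAA=; b=BBBB==\r\n"
    "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1; d=example.net;\r\n"
    " b=CCCC==\r\nFrom: b@example.net\r\n\r\nbody\r\n",
    "DomainKey-Signature: q=dns; c=simple; s=old; d=example.com; b=DDDD==\r\n"
    "From: c@example.com\r\n\r\nbody\r\n",
    "From: d@example.edu\r\nSubject: unsigned\r\n\r\nbody\r\n",
]

# Header name -> algorithm assumed when a= is absent. RFC 4870 defaults to
# rsa-sha1; DKIM has no default, so a missing a= is recorded as None.
SIGNATURE_HEADERS = {"DKIM-Signature": None, "DomainKey-Signature": "rsa-sha1"}

def parse_tags(value):
    """Split a 'tag=value; tag=value' list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first '=' only: base64 padding survives
        if sep:
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def tally(raw_messages):
    """Count messages per signature header type and signatures per (header, algorithm)."""
    counts, algs = Counter(), Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        kinds = set()
        for header, default_alg in SIGNATURE_HEADERS.items():
            for value in msg.get_all(header, []):
                kinds.add(header)
                algs[(header, parse_tags(str(value)).get("a", default_alg))] += 1
        counts.update(kinds or {"unsigned"})  # a message counts once per header type
        counts["messages"] += 1
    return counts, algs

def domainkeys_share(counts):
    """Fraction of all messages that carry at least one DomainKey-Signature."""
    return counts["DomainKey-Signature"] / counts["messages"] if counts["messages"] else 0.0

if __name__ == "__main__":
    counts, algs = tally(SAMPLES)
    print(dict(counts), dict(algs), domainkeys_share(counts))
```
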