Re: [ietf-dkim] versions of RFC822 mail messages, Where is the formal definition of DKIM-Signature?

Dave Crocker <dcrocker@bbiw.net> Sat, 10 February 2018 17:27 UTC

On 2/10/2018 7:50 AM, John Levine wrote:
> The idea with DKIM v=2 is that there are things that you cannot say in
> a v=1 signature, no matter how many new tags you add, so you need some
> way to tell verifiers what they need to understand.  How about this?
> 
> We rebrand the v= tag to be a feature list so the syntax is now roughly
> 
>    v= word (, word)*
> 
> where each word describes a semantic feature.  Feature tag "1" is all
> the stuff in RFC6376.  My feature is mandatory to understand tags,
> feature name "mandatory", so the signatures start

The listing of 'authorized' features makes sense when the usage may 
occur later in the session, as it does with ESMTP, for giving the other 
side permission to use those features.  It makes no sense at all for a 
unilateral exchange where one side uses whatever it feels like and the 
other side -- getting all this later -- either likes it or doesn't. 
That is, there are no contingent behaviors in the exchange.

In a unilateral activity like DKIM, the mere presence of the usage 
"featurex=..." serves to flag that featurex is used.  There is no 
incremental benefit in moving the flag elsewhere.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
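
An added illustration of the two signalling styles discussed in this message (not code from the thread or from any DKIM implementation): a tag-list parser following the RFC 6376 syntax that reports both the features named in a v= list and the tags that a verifier knowing only RFC 6376 does not recognize. The sample signature and the helper names (parse_tag_list, signalled_features, verifier_view) are constructed for this example.

```python
import re

# Tags defined by RFC 6376 (feature "1" in the quoted proposal).
RFC6376_TAGS = {"v", "a", "b", "bh", "c", "d", "h", "i", "l", "q", "s", "t", "x", "z"}
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")


def parse_tag_list(value):
    """Parse a DKIM-Signature header value into {tag: value}."""
    tags = {}
    for spec in value.split(";"):
        if not spec.strip():
            continue  # empty segment, e.g. after the optional trailing ";"
        name, sep, val = spec.partition("=")  # first "=" only; base64 may hold more
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if name in tags:
            # RFC 6376: a repeated tag name invalidates the whole tag-list.
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = val.strip()  # surrounding whitespace is not part of the value
    return tags


def signalled_features(tags):
    """Read v= as the comma-separated feature list from the quoted proposal."""
    return [w.strip() for w in tags.get("v", "").split(",") if w.strip()]


def verifier_view(value, supported_features=frozenset({"1"})):
    """What each signalling style shows a verifier that knows only RFC 6376."""
    tags = parse_tag_list(value)
    return {
        "unsupported_features": [f for f in signalled_features(tags)
                                 if f not in supported_features],
        # RFC 6376 tells verifiers to ignore unrecognized tags; here they are
        # only listed, to show that their presence is visible after parsing.
        "unrecognized_tags": sorted(set(tags) - RFC6376_TAGS),
    }


# Constructed sample; "mandatory" and "featurex" are the names used in the thread.
SAMPLE = ("v=1,mandatory; a=rsa-sha256; d=example.com; s=sel;\r\n"
          "\th=from:to:subject; bh=AAAA; b=BBBB; featurex=on")

if __name__ == "__main__":
    print(verifier_view(SAMPLE))
```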