Re: [Ietf-dkim] Question regarding RFC 6376
David Harris <David.Harris@pmail.gen.nz> Mon, 11 March 2024 21:04 UTC
Return-Path: <David.Harris@pmail.gen.nz>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3873C14F712 for <ietf-dkim@ietfa.amsl.com>; Mon, 11 Mar 2024 14:04:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HI-XGPorOLwS for <ietf-dkim@ietfa.amsl.com>; Mon, 11 Mar 2024 14:04:41 -0700 (PDT)
Received: from hera.pmail.gen.nz (hera.pmail.gen.nz [192.156.225.8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0963EC14F70C for <ietf-dkim@ietf.org>; Mon, 11 Mar 2024 14:04:39 -0700 (PDT)
Received: from Spooler by hera.pmail.gen.nz (Mercury/32 v4.91.226) ID MO0243FA; 12 Mar 2024 10:00:07 +1300
Received: from spooler by hera.pmail.gen.nz (Mercury/32 v4.91.349); 12 Mar 2024 09:59:52 +1300
From: David Harris <David.Harris@pmail.gen.nz>
Organization: Pegasus Mail
To: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 12 Mar 2024 09:59:43 +1300
MIME-Version: 1.0
CC: ietf-dkim@ietf.org
Message-ID: <65EF70BF.4348.19B35EDA@David.Harris.pmail.gen.nz>
Priority: normal
In-reply-to: <CAL0qLwZyf6oL-JDEeCiV=MWEDH8usF5cfrDQMOc=qFwKGGjFgw@mail.gmail.com>
References: <65EF0B08.26692.1826077F@David.Harris.pmail.gen.nz>, <CAL0qLwZyf6oL-JDEeCiV=MWEDH8usF5cfrDQMOc=qFwKGGjFgw@mail.gmail.com>
X-mailer: Pegasus Mail for Windows (4.81.1156)
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Content-description: Mail message body
X-AC-Weight: [####] (Whitelisted) -9999
X-CC-Diagnostic:
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/NAbARCHQK54JcKZj9cw8ag1K-9I>
Subject: Re: [Ietf-dkim] Question regarding RFC 6376
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2024 21:04:43 -0000
Thank you for taking the time to answer my questions - most appreciated.
Your answer has addressed questions 1 and 2 for me. I'm still unclear on
certain aspects of question 3, though:
On 11 Mar 2024 at 8:54, Murray S. Kucherawy wrote:
> The signature is the result of base64-encoding the RSA encryption of
> the data-hash.
>
> The data-hash is the result of passing the canonicalized headers, in
> order, to the SHA algorithm. The canonicalized headers include, at
> the end, the incomplete DKIM-Signature field that's under
> construction. You then append the base64-encoded form of that
> signature to the incomplete DKIM-Signature field and attach it to the
> message.
The pseudocode for "sig-alg" says:
signature = sig-alg (d-domain, selector, data-hash)
I took this as meaning that the d-domain and selector strings need to be
passed to something before the data-hash; the problem was what that
"something" was - I had been assuming that it was a third hash that was then
signed, yet the rest of the section says (in more than one place) that only two
hashes are required.
Having read through your response, which describes the process as I was
originally expecting to follow it, I now wonder if this is another case of the
pseudocode having confused me as it did in question (1)... Are we perhaps
intended to read "d-domain" and "selector" as parameters that are used to
choose the appropriate signing key, rather than as input to the signed data
itself?
Again, my thanks for your help.
Cheers!
-- David --
------------------ David Harris -+- Pegasus Mail ----------------------
Box 5451, Dunedin, New Zealand | e-mail: David.Harris@pmail.gen.nz
Phone: Number provided on request only.
Sign seen in a Vienna hotel:
"In case of fire, do your utmost to alarm the hotel porter."
- [Ietf-dkim] Question regarding RFC 6376 David Harris
- Re: [Ietf-dkim] Question regarding RFC 6376 Murray S. Kucherawy
- Re: [Ietf-dkim] Question regarding RFC 6376 David Harris
- Re: [Ietf-dkim] Question regarding RFC 6376 Murray S. Kucherawy