IETF Logo Mail Archive

Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?

"John R. Levine" <johnl@iecc.com> Fri, 09 February 2018 22:33 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C58B01270FC for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 9 Feb 2018 14:33:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Level:
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1536-bit key) reason="fail (message has been altered)" header.d=iecc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R_NanjUN5izW for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 9 Feb 2018 14:33:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F809126D3F for <ietf-dkim-archive@ietf.org>; Fri, 9 Feb 2018 14:33:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w19MWhsd000815; Fri, 9 Feb 2018 14:32:44 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=iecc.com header.i=@iecc.com header.b=NBb6uLqO; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from gal.iecc.com (gal.iecc.com [64.57.183.53]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w19MWeHW000810 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ietf-dkim@mipassoc.org>; Fri, 9 Feb 2018 14:32:41 -0800
Received: (qmail 67842 invoked from network); 9 Feb 2018 22:31:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=10900.5a7e214e.k1802; bh=oThIuw9uI7JW8vCMbkJlDYlymtRJFSJsLuniQ2XXw5o=; b=NBb6uLqONBQ176C7A7ObhKLQVCL2o89GgHGEE0EgAEEDrFmbrV3Rn6dAZnEcJBOYPQCghG9/0tLf89HRDqFoQShZt/J/DPgGYbfQvF3OERH1/MRagj5NJe9oLAAxUOzK8CSTko5NmpypSnjX6oaWJhhOEkHXI1fuMDuMbblJp9MrCf/JKu2QPnxLudK22aySkDLwrEe8t2HdXHKJD8XxCqTCO4NAuldT9ucLVnbmMjqMuI+GPE+zYWFdtSTP1TmV
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 09 Feb 2018 22:31:41 -0000
Date: Fri, 09 Feb 2018 17:31:41 -0500
Message-ID: <alpine.OSX.2.21.1802091731220.56915@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: DKIM List <ietf-dkim@mipassoc.org>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Subject: Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

In article <20180209202621.31355.qmail@f3-external.bushwire.net>,
Mark Delany <sx6un-fcsr7@qmda.emu.st> wrote:
> Oh I dunno. The precedent of RFC822 - the very standard we rely on - has
> survived numerous upgraded and enhancements over a 36 year period and managed
> to do just fine without a version.

RFC 822 may not have versions but 821/2821/5321 sure do.

As soon as 2821 added EHLO, SMTP got service extensions and pretty
much by their nature, those extensions are not backward compatible.

Well-known examples are 8BITMIME and SMTPUTF8.  If you have a message that needs
one of those and the server you're trying to send it to doesn't support the
extension, you lose, the message bounces.  (A sending host might try to rewrite
MIME bodies to avoid 8BITMIME but it's a long time since I've seen anyone try
that, and it'd break DKIM signatures, so it probably wouldn't help.)

Nonetheless, we seem to have survived.

The DKIM v=2 hack I proposed is a lot like SMTP extensions in that if
your signature doesn't need the new semantics, don't ask for them, so
you should sign with v=1, so the old and new will coexist forever.
Since they can easily be handled by the same signing and verifying
libraries, that's not a problem.
-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email