IETF Logo Mail Archive

Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?

"Mark Delany" <sx6un-fcsr7@qmda.emu.st> Thu, 08 February 2018 20:33 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D630012D84D for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 8 Feb 2018 12:33:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emu.st
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWUlH_QFyN-c for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 8 Feb 2018 12:33:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EFF0127333 for <ietf-dkim-archive@ietf.org>; Thu, 8 Feb 2018 12:33:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w18KX8aW018373; Thu, 8 Feb 2018 12:33:09 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=emu.st header.i=@emu.st header.b=irOmfStX; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from f3.bushwire.net (f3.bushwire.net [203.0.120.11]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w18KX4w5018360 for <ietf-dkim@mipassoc.org>; Thu, 8 Feb 2018 12:33:06 -0800
Received: by f3.bushwire.net (Postfix, from userid 1001) id 2A48D34AA0C; Fri, 9 Feb 2018 06:32:07 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=emu.st; s=2017; t=1518121927; bh=hC6LavB5wJ8DPZwp+LUbawDPoUY=; h=Comments:Received:Date:Message-ID:From:To:Subject:References: MIME-Version:Content-Type:Content-Disposition:In-Reply-To; b=irOmfStXaCU5WeipLPdpwJKZFf4D8qkuJvgtwQP2npCLNKcfwh3DOxcGrmP2XzWGa rMUD34cBtngc8hqFt2UeywQ914ZxiI/KmlmNqZXgKoAxegJA0zk5VQ/C24+KT7SVEe VgEMeP8+MB5XmUjk8Ezdmz5VAa4pVDje2mRMj8Fg=Mj8Fg=
Comments: QMDA 0.3a
Received: (qmail 26576 invoked by uid 1001); 8 Feb 2018 20:32:07 -0000
Date: Thu, 08 Feb 2018 20:32:07 +0000
Message-ID: <20180208203207.26575.qmail@f3-external.bushwire.net>
From: Mark Delany <sx6un-fcsr7@qmda.emu.st>
To: ietf-dkim@mipassoc.org
References: <alpine.OSX.2.21.1802080808160.51311@ary.qy> <CAL0qLwYZPRdrg-J5KMreS==SUcnAU1pZXwgFURs5T3=XaX4HOg@mail.gmail.com> <20180208161754.25028.qmail@f3-external.bushwire.net> <alpine.OSX.2.21.1802081148580.52386@ary.qy> <8269e2b7-0f10-95f6-a3c1-d320ac4749d0@bbiw.net> <alpine.OSX.2.21.1802081207120.52386@ary.qy> <87ca121d-19c3-ed75-3de0-5ee5938377cd@bbiw.net> <alpine.OSX.2.21.1802081244280.52386@ary.qy> <d7ef770e-3592-e876-6c98-5f0fbe56f7b9@bbiw.net> <alpine.OSX.2.21.1802081252290.52386@ary.qy>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <alpine.OSX.2.21.1802081252290.52386@ary.qy>
Subject: Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

> True, but not very interesting.  In my spamassassin example, the outside 
> code knows nothing about DKIM versions, it just sees a dkim-signature 
> header and sends it to the DKIM library.
> 
> The point of a v=2 flag is to ensure that old v=1 code doesn't

As a practical matter haven't you effectively invented a new header?

After all, what are most senders going to do? They will not want their
signatures to be suddenly unrecognized by 99% of the planet so they'll continue
to generate a v=1 header and they will also want to reap the bennies of your
fantastic SpamAssassin feature so they'll additionally generate a v=2 header.

The end result is two DKIM-Signature headers with different versions for decades
to come. This will no doubt tweak some receiver is a negative way.

I think this is the biggest flaw with the whole v= rationale. There is never
going to be a v=2 change that doesn't leave everyone continuing to
generate/validate a v=1 header. Is a new header by stealth better engineering
than formalizing a new header?


Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email