Re: [Ietf-dkim] RFC 8463: DNS textual form underspecified

Scott Kitterman <ietf-dkim@kitterman.com> Sun, 14 April 2024 01:21 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="UjL1iAYb"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="RLnao+2X"
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1713057635; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=l5AIl5xMQwVPBuQwxW3uNl9pJg0hrdFpPM4obLS59x0=; b=UjL1iAYbFnnfRdUbu2qDGq56zrRb2ysdykvbR3T22+I3UKQl+JBb60b2AxW/dOCaLfgUf 8B759uXTWkhKbs4Dg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1713057635; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=l5AIl5xMQwVPBuQwxW3uNl9pJg0hrdFpPM4obLS59x0=; b=RLnao+2X6eUHPerxpktyvzlp9RpIswO6D30XGHVLVDhsQXPSXHxc4cP3BgVcp2tgjuM7w UzI8zmTQ1Jf4lonWqJEJwftEtZRxYYbtpO0yDUnuOcveut3SSVIMrkCyLDXKJqAk20s89yq ybOdFcLevGZ3v7Ya5SU1mLy92EONe65SJLMkSoOzp1jt6orSz65tKdYZ9WZl769fdwb7EdD opsNUYAHQolc7eADKn1bDXvvyKFYY4IBEzBLgDmWtw8vVnLyDn+J4EP3q6WVVwfOTAqQC0B +ypoySSwU/Pd9DsEdJ1N4GTy9zAppFuy3laohplhXRAIf35STK1Npwk8xsNw==
Date: Sun, 14 Apr 2024 01:20:29 +0000
From: Scott Kitterman <ietf-dkim@kitterman.com>
To: ietf-dkim@ietf.org
In-Reply-To: <20240414005126.pzjJO4pr@steffen%sdaoden.eu>
References: <20240414005126.pzjJO4pr@steffen%sdaoden.eu>
Message-ID: <5368AC9A-51D5-4AEC-AB19-613DBEAD7C5B@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/U7L6mCocuwruXPztaUU7cQ5A34g>


On April 14, 2024 12:51:26 AM UTC, Steffen Nurpmeso <steffen@sdaoden.eu> wrote:
>Hello.
>
>Thanks to Hanno Böck (known from ossec and more) I was pointed to
>my falsely published ED25519 DKIM key.
>Until now that simply was the complete ED25519 public key, just
>like for RSA, instead of extracting the actual "bitstring data"
>from the standardized ASN.1 container, which starts at offset 16
>(or -offset=12 if you use "openssl asn1parse -noout -out -" aka
>the binary blob).
>
>I realize that RFC 8463 says repeatedly that the base64-encoded
>representation of an ED25519 key is 44 bytes, and that the
>examples go for this.  Still there is no wording that the entire
>ASN.1 structure shall be thrown away.


At the time we wrote what became RFC 8463, ASN.1 for ED25519 was not specified yet.  OpenSSL didn't support ED25519 either.  I'm not sure what you think we should have put in that we didn't.

It seems to me that you are saying that the RFC is correct and clear, but that you were certain you knew better than the RFC.  That's not a thing an RFC can fix.

Scott K
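The mistake Steffen describes (publishing the whole SubjectPublicKeyInfo instead of the raw 32-byte key in the p= tag) is easy to catch mechanically. The script below is an added example, not code from either poster or from RFC 8463; it assumes the RFC 8410 DER encoding of an Ed25519 SubjectPublicKeyInfo (a fixed 12-byte prefix followed by the 32 key bytes, which is the offset 12 mentioned in the quoted message) and uses a constructed 32-byte stand-in for a real public key. It derives the correct p= value from either form of the key and classifies a published TXT record as correct, SPKI-wrapped, or otherwise malformed.

```python
import base64

# Constructed sample: 32 arbitrary bytes standing in for an Ed25519 public key.
# This is NOT a real key; a real one comes from the signer's key pair.
SAMPLE_RAW_KEY = bytes(range(32))

# DER prefix of an Ed25519 SubjectPublicKeyInfo per RFC 8410:
#   SEQUENCE(42) { SEQUENCE(5) { OID 1.3.101.112 }, BIT STRING(33) { 0 unused bits, key } }
# The raw key therefore starts at byte offset 12 of the 44-byte DER blob.
SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def raw_key_from_spki(der: bytes) -> bytes:
    """Strip the ASN.1 container and return the 32 raw key bytes."""
    if len(der) != 44 or not der.startswith(SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return der[len(SPKI_PREFIX):]


def dkim_p_value(public_key: bytes) -> str:
    """Base64 p= value for RFC 8463: the raw key only, always 44 characters."""
    if len(public_key) == 44:          # caller handed us the DER SPKI; unwrap it
        public_key = raw_key_from_spki(public_key)
    if len(public_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return base64.b64encode(public_key).decode("ascii")


def dkim_txt_record(public_key: bytes) -> str:
    """Full DKIM key record as it should be published in DNS."""
    return f"v=DKIM1; k=ed25519; p={dkim_p_value(public_key)}"


def check_record(txt: str) -> str:
    """Classify a published ed25519 DKIM record.

    Returns "ok", "spki-wrapped" (the RFC 8463 mistake discussed above),
    "bad-base64", "wrong-length" or "not-ed25519".
    """
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    if tags.get("k") != "ed25519":
        return "not-ed25519"
    # DKIM permits folding whitespace inside the base64 value; drop it first.
    p = "".join(tags.get("p", "").split())
    try:
        raw = base64.b64decode(p, validate=True)
    except ValueError:
        return "bad-base64"
    if len(raw) == 32:
        return "ok"
    if len(raw) == 44 and raw.startswith(SPKI_PREFIX):
        return "spki-wrapped"
    return "wrong-length"


if __name__ == "__main__":
    spki = SPKI_PREFIX + SAMPLE_RAW_KEY
    print("correct record:", dkim_txt_record(SAMPLE_RAW_KEY))
    wrong = "v=DKIM1; k=ed25519; p=" + base64.b64encode(spki).decode("ascii")
    print("SPKI-wrapped record verdict:", check_record(wrong))
```

A verifier that sees the SPKI-wrapped form gets 44 bytes where it expects 32, which is exactly why the 44-character length stated throughout RFC 8463 is the fastest sanity check an operator can apply to a freshly published record.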