Re: [ietf-dkim] domain keys, the h tag, and the reflector at sendmail.net

Eric Allman <eric+dkim@sendmail.org> Tue, 11 September 2007 21:22 UTC


Since no one else seems to want to bite, I will....

--On September 7, 2007 10:27:40 PM -0500 dave <dave.wanta@123aspx.com> wrote:

> Hi,
> (If this isn't the right list, please let me know where I can ask
> this question)

Well, this really isn't the right list, since DomainKeys and DKIM are 
not the same thing (although they are closely related).  At this 
point I would recommend you be implementing DKIM rather than DK. 
That seems to be the direction the industry is going.

> As an educational experience, I'm writing my own domain keys
> signer. I'm using the reflector at sendmail (
> sa-test[at]sendmail.net ) for testing. Everything is working fine,
> except when I try to use the "h" tag. Then my domain-keys signature
> fails as BAD. I'm going off of the spec:
> draft-delany-domainkeys-base-06, which I believe is the latest spec
> for domain keys.

Actually RFC 4870 is as close as it gets to an official version.

> I hope I'm asking the right questions here, so, feel free to ask for
> clarification.
>
> It's my understanding that I use only the headers that are listed
> in the "h" tag, and sign as if those were the only headers that
> existed.

Based on my recollection, that is correct.  It is definitely true in 
DKIM.

> for example, let's say I use the email sample found in the base-06
> spec. It has the following headers (hopefully this doesn't wrap too
> bad):
>
> ------------ Start Sample  --------
> From: "Joe SixPack" <joe@football.example.com>
> To: "Suzie Q" <suzie@shopping.example.net>
> Subject: Is dinner ready?
> Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
> Message-ID: <20030712040037.46341.5F8J@football.example.com>
>
> [body goes here]
> ------------ End Sample  --------
>
> If the "h" tag is created like:
>
> h="subject:from";
>
> It's my understanding that I would actually sign this content:
> ------------ Start Sample  --------
> Subject: Is dinner ready?
> From: "Joe SixPack" <joe@football.example.com>
>
> [body goes here]
> ------------ End Sample  --------
>
> Is that correct? In other words, I concatenate the "subject" and
> "from" headers (in that order), add my blank line, and then the
> body. I then sign that combination.

It looks like that's correct based on a (very quick) scan of RFC 4870.

eric
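
The signing input discussed in the message above, as an added example that is not part of the original post or of any DomainKeys implementation. It builds the byte stream from the "h" list for the sample message quoted in the thread; `split_headers`, `signing_input`, `digest` and the `order="message"` comparison option are names and assumptions introduced here, and no canonicalization is applied beyond keeping CRLF line endings.

```python
import hashlib

# Constructed from the sample message quoted in the thread.
SAMPLE = (
    'From: "Joe SixPack" <joe@football.example.com>\r\n'
    'To: "Suzie Q" <suzie@shopping.example.net>\r\n'
    'Subject: Is dinner ready?\r\n'
    'Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\n'
    'Message-ID: <20030712040037.46341.5F8J@football.example.com>\r\n'
    '\r\n'
    '[body goes here]\r\n'
)

def split_headers(raw):
    """Return ([(lowercased name, raw field text)], body).
    Continuation (folded) lines stay attached to their field."""
    head, _, body = raw.partition("\r\n\r\n")
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and fields:
            name, text = fields[-1]
            fields[-1] = (name, text + "\r\n" + line)
        else:
            fields.append((line.split(":", 1)[0].strip().lower(), line))
    return fields, body

def signing_input(raw, h, order="h"):
    """Bytes handed to the signer when only the fields named in h are used.
    order="h": fields in the order listed in h, as the thread describes.
    order="message": fields in the order they occur in the message
    (an assumption added here, for comparison while debugging)."""
    fields, body = split_headers(raw)
    wanted = [n.strip().lower() for n in h.split(":") if n.strip()]
    if order == "h":
        picked = [text for n in wanted for name, text in fields if name == n]
    elif order == "message":
        picked = [text for name, text in fields if name in wanted]
    else:
        raise ValueError("order must be 'h' or 'message'")
    # Selected fields, the blank separator line, then the body.
    return ("".join(t + "\r\n" for t in picked) + "\r\n" + body).encode("ascii")

def digest(raw, h, order="h"):
    """SHA-1 of the signing input, for comparing two candidate streams."""
    return hashlib.sha1(signing_input(raw, h, order)).hexdigest()
```

When a verifier reports BAD, comparing `digest(SAMPLE, h, "h")` with `digest(SAMPLE, h, "message")` shows whether the two orderings produce different signed data for that message.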