Re: [Ietf-dkim] Question regarding RFC 6376
"Murray S. Kucherawy" <superuser@gmail.com> Tue, 12 March 2024 06:22 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCFFFC14F689 for <ietf-dkim@ietfa.amsl.com>; Mon, 11 Mar 2024 23:22:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohn1P-EIS6qX for <ietf-dkim@ietfa.amsl.com>; Mon, 11 Mar 2024 23:22:19 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 503B0C14F618 for <ietf-dkim@ietf.org>; Mon, 11 Mar 2024 23:22:19 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-568619b2cb5so602675a12.1 for <ietf-dkim@ietf.org>; Mon, 11 Mar 2024 23:22:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710224537; x=1710829337; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RsX/gqdu+w82PdObdjNFNBdfSBiCtv5slBfbktDxvIo=; b=AigS/bUQS3Kd/V0jIIPb7yIJ1ec71lOqwrwZh/v7LfshiXquSXhCtaYyqTMf9Bqdr8 qq92PpEWHgpNDUXcRN8z1uGOmMW7LyQtY0vRB5cT22rF07RiCTEa8LCjm4xzKUw54+G8 DKG0EWJ8+ajht/kJE8jD0QJ3KNTg/5mPx7ESPZSWR5+FiyPoIj8vYrZWYZOKg9CWgYow NE0BfA1U5vMOUpb1DZGNAlpWWH79Js7EgmJHoTU3g7rRbquSzwiuteEdswaZ2GW7BJ6q eEAoKPSNfvP5POYSEkr30zyJcamI5ybFDfM+z9vim7xmaMEbkGlLZSWZ6AyWoUxxPF17 NlGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710224537; x=1710829337; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RsX/gqdu+w82PdObdjNFNBdfSBiCtv5slBfbktDxvIo=; b=VDkznlwZ8iscSCu9yorY0Jyx37AVkBoe5cudXNShZeo7crxIfgz6VHMxiEf6Pu8EVU X0Cno1rQXYVb+LfhaIUyQZtTlpwIEVf+rffSBI5uY93xaceWd+NOygmPkPYBEOE3Tw/l fiA7HqWG/6ETLVdofp9xDjZK8pwWs+Vy+SJc5ZM607cj9zU1GADd4OFYV7sSlRouQKRb NzsmPxQGIDcPousFNmtpE4YwSv+4uhyXK/PiMLWt/KS9KxDqUndmJCoEeWMDD91XmG3g vWoSvvRPDOI7UhQlNQzazkCHuiqYP4yNvLA97nd7We0vP/v8gpmosftGl5+y0/S+MnhT AxrQ==
X-Gm-Message-State: AOJu0YyTtK9n6+F3Y6Bm+HwTAk8e5dGKcEud5qXxvm/PpciNTTgIWb5C MY0NmOLHfcr256apjGtgA7rpLWJTN4Jtsim+nQL3Bpno3oenaAkhxlit7aflo1VmP1Nv+ORnfkk kMAUlDHX0LCePVtRULVrfDUF3aFEdPn9s
X-Google-Smtp-Source: AGHT+IEk0te9c8ixwqvhHpdhHBZkLZuIJoNVLxsCwhs64r/0VjI+Tu8OdlfL1tJF37Fw85SoLnGIU4ocCGlkRjK+dUE=
X-Received: by 2002:a17:906:3041:b0:a46:485a:3163 with SMTP id d1-20020a170906304100b00a46485a3163mr193927ejd.6.1710224536800; Mon, 11 Mar 2024 23:22:16 -0700 (PDT)
MIME-Version: 1.0
References: <65EF0B08.26692.1826077F@David.Harris.pmail.gen.nz> <CAL0qLwZyf6oL-JDEeCiV=MWEDH8usF5cfrDQMOc=qFwKGGjFgw@mail.gmail.com> <65EF70BF.4348.19B35EDA@David.Harris.pmail.gen.nz>
In-Reply-To: <65EF70BF.4348.19B35EDA@David.Harris.pmail.gen.nz>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 11 Mar 2024 23:22:04 -0700
Message-ID: <CAL0qLwZF=j8KdpKY0eW_Lxr3Z0NNvoQE+ZWAswZAdttHfhLvAA@mail.gmail.com>
To: David Harris <David.Harris@pmail.gen.nz>
Cc: ietf-dkim@ietf.org
Content-Type: multipart/alternative; boundary="000000000000009331061370ae55"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/m6Jp2Tm6TneSrGkOFt-A2qcA5IM>
Subject: Re: [Ietf-dkim] Question regarding RFC 6376
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 06:22:19 -0000
On Mon, Mar 11, 2024 at 2:04 PM David Harris <David.Harris@pmail.gen.nz> wrote: > Thank you for taking the time to answer my questions - most appreciated. > > Your answer has addressed questions 1 and 2 for me. I'm still unclear on > certain aspects of question 3, though: > > [...] > > The pseudocode for "sig-alg" says: > > signature = sig-alg (d-domain, selector, data-hash) > > I took this as meaning that the d-domain and selector strings need to be > passed to something before the data-hash; the problem was what that > "something" was - I had been assuming that it was a third hash that was > then > signed, yet the rest of the section says (in more than one place) that > only two > hashes are required. > > Having read through your response, which describes the process as I was > originally expecting to follow it, I now wonder if this is another case of > the > pseudocode having confused me as it did in question (1)... Are we perhaps > intended to read "d-domain" and "selector" as parameters that are used to > choose the appropriate signing key, rather than as input to the signed > data > itself? > Yes. The d-domain and selector are used to compose the DNS name at which the verifier will look for the public key, so naturally that tuple also identifies the corresponding private key you need to use when signing. I suppose you could think of it this way as well: signature = sig-alg(private_key(d-domain, selector), data-hash) ...where the private_key() function yields the private key matching the (d-domain, selector) tuple. -MSK
- [Ietf-dkim] Question regarding RFC 6376 David Harris
- Re: [Ietf-dkim] Question regarding RFC 6376 Murray S. Kucherawy
- Re: [Ietf-dkim] Question regarding RFC 6376 David Harris
- Re: [Ietf-dkim] Question regarding RFC 6376 Murray S. Kucherawy