IETF Logo Mail Archive

Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?

Dave Crocker <dcrocker@bbiw.net> Thu, 08 February 2018 18:09 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B8DD12D80F for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 8 Feb 2018 10:09:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bbiw.net header.b=aJ2QkOaU; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=bbiw.net header.b=G8OiusvO
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wu0XYPieXX6P for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 8 Feb 2018 10:09:44 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86F8012D7E9 for <ietf-dkim-archive@ietf.org>; Thu, 8 Feb 2018 10:09:44 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w18I9BBN008289; Thu, 8 Feb 2018 10:09:12 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bbiw.net; s=default; t=1518113354; bh=OLZZDq2/BHOAPXpDM4u5zMXEUbc98Mc26EQdaxKN2Wo=; h=To:References:From:Date:In-Reply-To:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=aJ2QkOaU8VupejSLA8sm9wmnAGZT1tge4bBSHWmyj2mff2idJ9c1/pgWNtPEYBi1o Sv6lTsBc0viiiyyQD9UZfD8Ym7vNwLPP2ktMqy0bSimMx44FwNbEUSCMmbWHKws8LQ ZKNQQtEKtCusl/kz4m6xwaeK0sVxd3T/MvK+TFU0=
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w18I99OV008285 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 8 Feb 2018 10:09:09 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bbiw.net; s=default; t=1518113349; bh=OZv+5K4oJDUlLXFiwh9FhMI5TCHz4nIHWBS2AnrwcwU=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=G8OiusvOqC+qitoIeV0u+AywU17avG7HkGI/k/FPLNKEGiOGQ+3GuGZMCvsBfR2FD 4zYh6O413R1NNdSBZmtCPmrlXmcjTrPZI7FAJtD1WFjtvZCokBE/IS80hSErYy+AJj Q8HvFoIES0AYTkrPQmBGbbNHsDvgGStVgFATrRMY=
To: "John R. Levine" <johnl@iecc.com>
References: <9e7d6a29-cbef-e032-4af9-eb5395071b4d@tana.it> <alpine.OSX.2.21.1802080808160.51311@ary.qy> <CAL0qLwYZPRdrg-J5KMreS==SUcnAU1pZXwgFURs5T3=XaX4HOg@mail.gmail.com> <20180208161754.25028.qmail@f3-external.bushwire.net> <alpine.OSX.2.21.1802081148580.52386@ary.qy> <8269e2b7-0f10-95f6-a3c1-d320ac4749d0@bbiw.net> <alpine.OSX.2.21.1802081207120.52386@ary.qy> <87ca121d-19c3-ed75-3de0-5ee5938377cd@bbiw.net> <alpine.OSX.2.21.1802081244280.52386@ary.qy> <d7ef770e-3592-e876-6c98-5f0fbe56f7b9@bbiw.net> <alpine.OSX.2.21.1802081252290.52386@ary.qy>
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
Message-ID: <8d56e48b-e4a9-93a2-2d3d-231462542376@bbiw.net>
Date: Thu, 08 Feb 2018 10:08:07 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <alpine.OSX.2.21.1802081252290.52386@ary.qy>
Content-Language: en-US
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] versions, Where is the formal definition of DKIM-Signature?
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On 2/8/2018 10:03 AM, John R. Levine wrote:
>> The code that knows to dispatch to v=2 can, just as easily, parse for 
>> the strings associated with the new features.
> 
> True, but not very interesting.  In my spamassassin example, the outside 
> code knows nothing about DKIM versions, it just sees a dkim-signature 
> header and sends it to the DKIM library.

Oh.  So v= doesn't dispatch to different code.

> 
> The point of a v=2 flag is to ensure that old v=1 code doesn't 
> accidentally misinterpret new features. 

"Accidentally misinterpret new features" seems to be synonymous with not 
being upward compatible.  In other words, the new features make the new 
version incompatible with the old.  Hence, the new features define a new 
protocol.


  In my example, I made a
> semantic change: in v=1 DKIM, verifiers ignore tags they don't 
> understand.  In v=2, there's a new tag type that fails if a verifier 
> can't handle it.

Change to basic semantics of the protocol.  Hence, new protocol.


d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email