Re: [exim] DKIM signing with the i= (Identity) tag/header

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Jeremy Harris
CC: Exim Users
Subject: Re: [exim] DKIM signing with the i= (Identity) tag/header
On 22 November 2016 at 15:58, Jeremy Harris <jgh@???> wrote:

> If I read RFC 4871 correctly, not so. There is no mention of backslash
> as part of the tag-spec separator in a tag-list, and the value for a v=
> tag must be set to exactly "DKIM1" (without the quotes).
>


For info, RFC 4871 was obsoleted by RFC 6376

In terms of the value to be published in the DNS the separator is a
semicolon only, without any preceding backslashes.

However…

Where do you find the requirement for a backslash?
>


Maybe the confusion might be arising from:

- in some DNS servers a ";" outside a string in their zone file starts a
comment;
- some DNS servers therefore require you to escape semicolons when
entering the data through a web management page;
- but others (such as ours) let you just put the semicolon in and sort
themselves out.

There also seems to be suggestion that the dig utility, often used to look
up/check DNS entries, will always standardise its output format to escape a
semicolon with a preceding backslash, even if it's not actually there in
the stored data!

See:

-
http://serverfault.com/questions/743789/why-do-i-need-to-escape-with-in-a-dns-dkim-record
- https://lists.isc.org/pipermail/bind-users/2007-October/068012.html

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm