Re: [exim] DKIM pubkey_dns_syntax

Author: Mike Brudenell
Date:
To: Exim Users
Subject: Re: [exim] DKIM pubkey_dns_syntax
Strictly speaking the RFC says that the tag name ("v") MUST be compared
case-insensitively, and its value compared case-sensitively unless the
specific description for the tag says otherwise.

The description for "v" doesn't mention allowing case-insensitive
comparisons for its value, but does say the value MUST be "DKIM1". Hence
we're being generous (and non-conformant) by comparing the tag's value case
insensitively.

A couple of other points though:

- We should perhaps have the pattern anchored to the end of the string
with a "$" as the RFC explicitly says a string comparison must be done, and
that "DKIM1" is *not* the same as "DKIM1.0" (which the current pattern
would allow)?

- The "v" tag doesn't appear to be mandatory, but only recommended, and
if omitted should default to "DKIM1". So strictly speaking if we're
insisting on the presence of "v=DKIM1" to consider the DNS record to be
valid we're being overly restrictive. If it's missing the "v" tag but is
otherwise a syntactically correct DKIM record it should have its value used.

Cheers,
Mike B-)

On 4 December 2017 at 14:38, Heiko Schlittermann via Exim-users <
exim-users@???> wrote:

> Wolfgang Breyha <wbreyha@???> (Mo 04 Dez 2017 15:15:45 CET):
> …
> > 6.1.2. Get the Public Key
> > [...]
> >
> > ... The Verifier MUST validate the key record and MUST
> >    ignore any public-key records that are malformed.
> …
> >
> > I think your patch does exactly that;-)
>
> As we do not *validate* the key record, we just check if it
> looks like a key record (matching /^v=dkim/i), I'd say that we do not
> follow the RFC strictly.
>
> --
> Heiko
>



--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
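
The two points raised in this message (exact comparison of the "v" value, and defaulting to "DKIM1" when "v" is absent), as an added example that is not Exim's code and not part of the original post: a Python sketch contrasting the quoted /^v=dkim/i check with a stricter tag-list check. Function names and sample records are constructed; the first-tag, duplicate-tag and empty "p" rules are taken from RFC 6376, and matching tag names exactly as written is an assumption of this sketch.

```python
import re

# The loose check quoted in the thread: the record only has to "look like" a key.
LOOSE = re.compile(r"^v=dkim", re.IGNORECASE)
# Tag names: a letter followed by letters, digits or underscore.
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")


def parse_tag_list(record):
    """Split 'a=b; c=d' into ordered (name, value) pairs; None if malformed."""
    parts = record.split(";")
    if parts[-1].strip() == "":
        parts.pop()  # one trailing ';' is allowed
    pairs, seen = [], set()
    for part in parts:
        name, sep, value = part.partition("=")  # first '=' only: base64 may end in '='
        name = name.strip()
        if not sep or not TAG_NAME.match(name) or name in seen:
            return None  # missing '=', bad tag name, or duplicate tag
        seen.add(name)
        pairs.append((name, value.strip()))
    return pairs or None


def check_key_record(record):
    """Return (ok, reason) for the text of a DKIM public-key TXT record."""
    tags = parse_tag_list(record)
    if tags is None:
        return False, "malformed tag-list"
    names = [name for name, _ in tags]
    if "v" in names:  # assumption: tag names matched exactly as written
        if names[0] != "v":
            return False, "v= is not the first tag"
        if tags[0][1] != "DKIM1":  # whole-string comparison, not a prefix match
            return False, "v= is not exactly DKIM1"
    # No v= tag at all: the version defaults to DKIM1 and the record stays usable.
    tagmap = dict(tags)
    if "p" not in tagmap:
        return False, "no p= tag"
    if tagmap["p"] == "":
        return False, "key revoked (empty p=)"
    return True, "ok"


# Constructed sample records (the key data is a placeholder, not a real key).
SAMPLES = ["v=DKIM1; k=rsa; p=MIIBplaceholder==", "v=DKIM1.0; p=MIIBplaceholder==",
           "k=rsa; p=MIIBplaceholder==", "v=dkim1; p=MIIBplaceholder=="]
if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{rec!r}: loose={bool(LOOSE.match(rec))} strict={check_key_record(rec)}")
```

The second and fourth samples pass the loose pattern but fail the strict check, while the third (no "v" tag) is rejected by the loose pattern and accepted by the strict one.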