[exim-dev] [Bug 2278] Invalid outgoing DKIM header signature

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2278] Invalid outgoing DKIM header signature
https://bugs.exim.org/show_bug.cgi?id=2278

Phil Pennock <pdp@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pdp@???


--- Comment #2 from Phil Pennock <pdp@???> ---
DKIM signatures are specified in RFC 6376.

---
3.2. Tag=Value Lists

DKIM uses a simple "tag=value" syntax in several contexts, including
in messages and domain signature records.
[...]
Formally, the ABNF syntax rules are as follows:

   tag-list  =  tag-spec *( ";" tag-spec ) [ ";" ]
   tag-spec  =  [FWS] tag-name [FWS] "=" [FWS] tag-value [FWS]
   tag-name  =  ALPHA *ALNUMPUNC
   tag-value =  [ tval *( 1*(WSP / FWS) tval ) ]
                     ; Prohibits WSP and FWS at beginning and end
   tval      =  1*VALCHAR
   VALCHAR   =  %x21-3A / %x3C-7E
                     ; EXCLAMATION to TILDE except SEMICOLON
   ALNUMPUNC =  ALPHA / DIGIT / "_"


Note that WSP is allowed anywhere around tags. In particular, any
WSP after the "=" and any WSP before the terminating ";" is not part
of the value; however, WSP inside the value is significant.
---

Per the RFC, `b=;` and `b= ;` at the end are equivalent and anything assigning
semantic value to the whitespace there, and failing validation, is broken.

There's special text in 3.5 around the b= tag in this header for signing, so
it's understandable that it's handled specially, but if the issue you
highlighted is the root cause, then Exim is fully spec compliant and the
verifiers are not.

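The whitespace rule quoted from RFC 6376 section 3.2 above, as an added example that is not part of the original message and is not Exim's code: a small Python tag-list parser that strips whitespace around names and values but keeps whitespace inside a value. The function names and the sample header values are assumptions constructed for illustration.

```python
import re

# WSP and the CRLF used by folding whitespace (FWS).
_WS = " \t\r\n"
_TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
# VALCHAR = %x21-3A / %x3C-7E (printable ASCII except ";").
_VAL = r"[\x21-\x3a\x3c-\x7e]+"
_TAG_VALUE = re.compile(rf"(?:{_VAL}(?:[ \t\r\n]+{_VAL})*)?")


def parse_tag_list(text):
    """Parse an RFC 6376 section 3.2 tag-list into a dict of name -> value."""
    specs = text.split(";")
    # One optional trailing ";" is allowed (trailing whitespace tolerated here).
    if len(specs) > 1 and specs[-1].strip(_WS) == "":
        specs.pop()
    tags = {}
    for spec in specs:
        name, sep, value = spec.partition("=")  # values may contain "="
        name, value = name.strip(_WS), value.strip(_WS)
        if not sep or not _TAG_NAME.fullmatch(name):
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if not _TAG_VALUE.fullmatch(value):
            raise ValueError(f"invalid character in value of {name!r}")
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = value  # surrounding whitespace gone, inner whitespace kept
    return tags


# Constructed sample header values (not taken from the bug report); "b=" is
# empty, as it is while the signature is being computed.
BASE = "v=1; a=rsa-sha256; d=example.org; s=sel; h=from:to:subject; bh=AAAA; "
VARIANTS = [BASE + "b=;", BASE + "b= ;", BASE + "b=\r\n\t;", BASE + "b="]


def all_equivalent(values):
    """True when every tag-list parses to the same name -> value mapping."""
    parsed = [parse_tag_list(v) for v in values]
    return all(p == parsed[0] for p in parsed)
```

This covers only the tag-list grammar of section 3.2; header canonicalization and the special handling of `b=` in section 3.5 are outside its scope.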