[exim] DKIM header wrap compatibility

Author: Peter Wullinger
Date:  
To: exim-users
Subject: [exim] DKIM header wrap compatibility
Hello there,

We have a curious case of "we did miss this in the standard" from a
remote DKIM implementation that cannot properly retrieve our domainkey
from DNS.

The case is that our DKIM-signed header hits character 78 exactly before
the separator semicolon inside the DKIM header. This causes exim to
insert folding whitespace before the semicolon:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=uni-kiel.de
                ; s=20180612; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To:


Now, if I follow RFC 6376, section 3.2
(https://tools.ietf.org/html/rfc6376#section-3.2) correctly, this is
perfectly legal. Folding whitespace around the separator is permitted
and is explicitly not part of the tag-value.

The vendor in question seems to have missed this and parses
"d=uni-kiel.de;" into the tag-value "uni-kiel.de " (note blank)
and consequently fails the key lookup. The vendor is informed about the
problem; we are currently waiting to see whether an update is
forthcoming.

Nonetheless, I would like to ask,

- Did anybody else experience similar issues?
- Is there an opinion on whether this is worth a workaround inside
  exim's DKIM implementation?

pdkim_headcat(), which constructs the DKIM header, does not really
have any user serviceable parts. And as currently implemented,
disabling the folding break before the "pad" character might break
the 78 character line promise.

Kind regards,

  Peter
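
The parsing difference described in the message, as an added example that is not part of the original post and is not code from exim or from the vendor. The names parse_naive, parse_tag_list, key_query_name and SAMPLE are hypothetical, the header value is constructed from the one quoted above with placeholder bh= and b= values, and parse_naive is only an assumed shape of the failing parser:

```python
import re

FWS = " \t\r\n"                      # characters that make up folding whitespace
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")   # RFC 6376 tag-name

# Constructed header value modelled on the post: the fold falls directly
# before the ";" that ends d=. The bh= and b= values are placeholders.
SAMPLE = (
    "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=uni-kiel.de\r\n"
    "\t; s=20180612; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To:\r\n"
    "\t; bh=PLACEHOLDER; b=PLACEHOLDER"
)

def parse_naive(value):
    """Assumed shape of the failing parser: unfold, split, trim the left side only."""
    tags = {}
    for spec in value.replace("\r\n", "").split(";"):
        name, _, val = spec.partition("=")
        tags[name.strip()] = val.lstrip()      # trailing FWS stays in the value
    return tags

def parse_tag_list(value):
    """tag-spec = [FWS] tag-name [FWS] "=" [FWS] tag-value [FWS] (RFC 6376, 3.2)."""
    tags = {}
    for spec in value.split(";"):
        if not spec.strip(FWS):
            continue                           # tolerate an empty spec, e.g. a trailing ";"
        name, sep, val = spec.partition("=")
        name = name.strip(FWS)
        if not sep or not TAG_NAME.fullmatch(name):
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")   # duplicates make the list invalid
        tags[name] = val.strip(FWS)            # FWS around the value is not part of it
    return tags

def key_query_name(tags):
    """DNS name queried for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"

if __name__ == "__main__":
    for parser in (parse_naive, parse_tag_list):
        print(parser.__name__, repr(key_query_name(parser(SAMPLE))))
```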