[dkim-dev] Clarifications on draft-ietf-dkim-base-01

Murray S. Kucherawy msk at sendmail.com
Tue Apr 18 14:10:00 PDT 2006


Tony Hansen wrote:
>>This paragraph should be ignored completely.  It should have been removed.
> 
> Should the CRLF be there or not between the canonicalized headers and
> the DKIM-Signature? I expect it to be there, but this paragraph is the
> only place that says it should be there.

No, it should not.  This says exactly how to do it:

    In hash step 2, the signer or verifier MUST pass the following to the
    hash algorithm in the indicated order.

    1.  The header fields specified by the "h=" tag, in the order
        specified in that tag, and canonicalized using the header
        canonicalization algorithm specified in the "c=" tag.  Each
        header field must be terminated with a single CRLF.

    2.  The "DKIM-Signature" header field that exists (verifying) or will
        be inserted (signing) in the message, with the value of the "b="
        tag deleted (i.e., treated as the empty string), canonicalized
        using the header canonicalization algorithm specified in the "c="
        tag, and without a trailing CRLF.

There's no intervening CRLF.

> The signature in -00 was generated from "header CRLF body CRLF
> dkim-signature". Now I expect it to be generated from "header CRLF
> dkim-signature". That is, the "body CRLF" disappears, but not *both* CRLFs.
> 
> Am I wrong?

My understanding after talking to Eric:

The body hash is of the body only; no extra CRLFs and no signature.

The header hash contains the headers to be signed (if signing) or the headers 
replayed according to the "h=" tag value (if verifying), followed by the 
signature being evaluated (if verifying) or generated (if signing) minus the 
"b=" value.  Again, no extra CRLFs.
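As an added illustration (my own code, not part of the draft or of this thread), here is a Python sketch of the header-hash input the quoted steps describe: each h= field plus one CRLF, then the DKIM-Signature field with its b= value emptied and no trailing CRLF, using the draft's "simple" and "relaxed" header canonicalizations; since the body hash came up, it also includes the "simple" body canonicalization as I read the draft. The sample headers and signature are constructed, and the function names are mine.

```python
import re

CRLF = "\r\n"

def canon_header_simple(field: str) -> str:
    # "simple" header canonicalization passes the field through unchanged.
    return field

def canon_header_relaxed(field: str) -> str:
    # "relaxed": lowercase the name, unfold, collapse whitespace runs to one SP,
    # and drop whitespace around the colon and at the end of the value.
    name, _, value = field.partition(":")
    value = re.sub(r"[ \t]+", " ", value.replace(CRLF, "")).strip()
    return name.strip().lower() + ":" + value

CANON = {"simple": canon_header_simple, "relaxed": canon_header_relaxed}

def header_hash_input(headers, dkim_sig, h_tag, canon="simple") -> bytes:
    """Step 1: each h= field (matched bottom-up, in h= order) + one CRLF.
    Step 2: the DKIM-Signature field with its b= value deleted, no trailing CRLF."""
    c = CANON[canon]
    remaining, out = list(headers), []
    for name in h_tag.split(":"):
        name = name.strip().lower()
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i].partition(":")[0].strip().lower() == name:
                out.append(c(remaining.pop(i)) + CRLF)
                break
    # Only the value of the b= tag is removed; the "b=" text and other tags stay.
    sig_no_b = re.sub(r"(;\s*b\s*=)[^;]*", r"\1", dkim_sig)
    out.append(c(sig_no_b))
    return "".join(out).encode()   # bytes fed to the hash algorithm, no extra CRLF

def body_hash_input(body: str) -> bytes:
    # "simple" body canonicalization as I read the draft: drop trailing empty
    # lines, then end the body with exactly one CRLF. No signature is appended.
    return (body.rstrip("\r\n") + CRLF).encode()

# Constructed sample message; not from the thread.
SAMPLE_HEADERS = ["From: alice@example.com", "To: bob@example.com",
                  "Subject: Test   message", "Received: from mx.example.com"]
SAMPLE_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;"
              " s=sel; h=from:to:subject; bh=AAAA; b=SIGNATUREBYTES")
```

Note that the unsigned Received field is left out because it is not named in h=, and the output never ends in CRLF, which is the point Tony asked about.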

