From johnl at taugh.com Sun Feb 24 10:09:26 2008 From: johnl at taugh.com (John R Levine) Date: 24 Feb 2008 13:09:26 -0500 Subject: [dkim-ops] DKIM DNS record cr lf Message-ID: A recent perusal of RFC 4871 reminded me that it uses the same tag-list syntax for the DKIM-Signature: header and the DNS record. The ABNF uses FWS for folding white space, which means that the DNS records can contain newlines, e.g.: v \r\n=DKIM1;\r\n h=\r\nsha256;p=\r\n"23jkdjk ... ; Has anyone ever put a newline in a DKIM TXT record? Would records with new lines interoperate with existing DKIM implementations? I gather the theory was that you'd use the same parser to handle the header line and the TXT record, but it seems to me the parser needs to know which one it's parsing due to other differences, e.g. you need to trim off the trailing newline on the header line or the tag-list ABNF won't match since it doesn't permit FWS after a final semicolon. Regards, John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly. From sm at resistor.net Sun Feb 24 16:33:13 2008 From: sm at resistor.net (SM) Date: Sun, 24 Feb 2008 16:33:13 -0800 Subject: [dkim-ops] DKIM DNS record cr lf In-Reply-To: References: Message-ID: <6.2.5.6.2.20080224162719.0298f228@resistor.net> Hi John, At 10:09 24-02-2008, John R Levine wrote: >Has anyone ever put a newline in a DKIM TXT record? Would records with >new lines interoperate with existing DKIM implementations? I came across such a case today. The message passed DKIM verification on one implementation and failed on another. Regards, -sm