[dkim-ops] [Dkim-contact] When i switched to "g=bh", Gmail said (...)

Byung-Hee HWANG bh at izb.knu.ac.kr
Tue Nov 4 17:19:54 PST 2008


OK, I reviewed the "i" tag again. And then, someday I'll contact the
DKIMProxy developer directly about this "i" tag issue. Thanks, Vijay, for
the cool explanations ;;

Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
> hi byung-hee hwang,
> 
> It seems we are doing what is specified in spec.
> 
> Your dkim signature
> 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=izb.knu.ac.kr;
> 	h=message-id:date:from:mime-version:to:subject:content-type:
> 	content-transfer-encoding; s=dj; bh=QiPZXJCZYs3YqbS59DQ6rAk23YbX
> 	xD8YurNQDfizz78=; b=pGMXFSrqz4ad4yCTUGKdb0XtDefczz+bvyIFSTF9T7gT
> 	SBXUjM/In6JXbJMLMAxDBotxWrhHP8XxTihOfcwRuxdZJhQ4TnPzKrE8qY8KKNEK
> 	ojn7LMpnn4dtcwjbT4KWh12IWLCnKppgUulSgqeWwzyGtCnMxS3aPYGBlPJ7IqU=
> 
> is missing the i= part. The spec says that
> 
> i=  Identity of the user or agent (e.g., a mailing list manager) on
>        behalf of which this message is signed (dkim-quoted-printable;
>        OPTIONAL, *default is an empty Local-part* followed by an "@"
>        followed by the domain from the "d=" tag).  The syntax is a
>        standard email address where the Local-part MAY be omitted.  The
>        domain part of the address MUST be the same as or a subdomain of
>        the value of the "d=" tag.
> 
> So, the spec tells us to match the empty string "" (which is the default
> value of the i= local part) with whatever you specify in g= - in this case,
> you are specifying g=bh for the failure case. And hence we are failing the
> message. Please review the dkim spec and add an i=bh at izb.knu.ac.kr
> as per it to the dkim signature.
> 
> 2008/11/4 Byung-Hee HWANG <bh at izb.knu.ac.kr>
> 
> Here is the full header that failed DKIM verification:
> 
> <URL:http://izb.knu.ac.kr/~bh/stuff/gmail-full-header-2008110501>
> 
> FYI; I used/use Jason's DKIMProxy for signing the DKIM signature ;;
> 
> Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
>> can you send me a sample dkim signature that failed ?
>> here is what the spec says
> 
>> g=  Granularity of the key (plain-text; OPTIONAL, default is "*").
>>        This value MUST match the Local-part of the "i=" tag of the DKIM-
>>        Signature header field (or its default value of the empty string
>>        if "i=" is not specified). An email with a signing address that
>>        does not match the value of this tag constitutes a failed
>>        verification.
>>        The intent of this tag is to constrain which signing address can
>>        legitimately use this selector, for example, when delegating a
>>        key to a third party that should only be used for special
>>        purposes.
> 
>> I am interested in what you specified in your i= in the dkim signature.
> 
> 
>> On Mon, Nov 3, 2008 at 8:27 PM, Byung-Hee HWANG <bh at izb.knu.ac.kr> wrote:
> 
> 
>> When I used "g=*", Gmail said as follows:
> 
>>        dkim=pass (test mode) header.i=@izb.knu.ac.kr
> 
>> When I switched to "g=bh" from "g=*", Gmail said as follows:
> 
>>        dkim=neutral (no key) header.i=@izb.knu.ac.kr
> 
>> Below is my current TXT record for DKIM:
> 
>> bh at chrys:~> dig +short dj._domainkey.izb.knu.ac.kr. TXT
>> "v=DKIM1; k=rsa; g=bh; s=email; t=y; p=...snip...;"
>> bh at chrys:~>
> 
>> With same key("g=bh"), dkim-test at testing.dkim.org's result was:
> 
>>        dkim=pass, header.i=bh at izb.knu.ac.kr
> 
>> Am I wrong? Or has Gmail missed the point about the "g" tag?
> 
>> byunghee
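The g=/i= check discussed in this thread, as an added Python example (not part of the original messages, and not Gmail's or DKIMProxy's code). The single-"*" wildcard and the rule that an empty g= matches nothing follow RFC 4871's definition of g= rather than the quoted excerpt; the tag lists use example.org as constructed stand-ins for the thread's values, and dkim-quoted-printable decoding of i= is omitted.

```python
import re

# Constructed, abbreviated tag lists (b=/bh= omitted; they play no part in this check).
SIG_NO_I = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=dj; h=from:to:subject"
SIG_WITH_I = SIG_NO_I + "; i=bh@example.org"
KEY_G_BH = "v=DKIM1; k=rsa; g=bh; s=email; t=y"
KEY_G_STAR = "v=DKIM1; k=rsa; g=*; s=email; t=y"


def parse_tags(value):
    """Parse a DKIM tag=value list (signature header or key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def signing_local_part(sig_tags):
    """Local-part of i=; when i= is absent it defaults to "@" + d=, i.e. empty."""
    identity = sig_tags.get("i", "@" + sig_tags["d"])
    return identity.rpartition("@")[0]


def granularity_matches(g, local_part):
    """Match the key's g= against the i= Local-part (one optional '*' wildcard)."""
    if g == "":
        return False  # an empty g= never matches any address
    if "*" not in g:
        return g == local_part
    prefix, _, suffix = g.partition("*")
    return (len(local_part) >= len(prefix) + len(suffix)
            and local_part.startswith(prefix)
            and local_part.endswith(suffix))


def check(signature, key_record):
    """True when the key's granularity permits the signature's signing identity."""
    sig, key = parse_tags(signature), parse_tags(key_record)
    return granularity_matches(key.get("g", "*"), signing_local_part(sig))


if __name__ == "__main__":
    for sig in (SIG_NO_I, SIG_WITH_I):
        for key in (KEY_G_STAR, KEY_G_BH):
            print(parse_tags(key)["g"], repr(signing_local_part(parse_tags(sig))),
                  "->", check(sig, key))
```

With no i= tag the default Local-part is empty, so only g=* accepts the signature; adding i=bh@example.org makes the g=bh key match.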