[ietf-dkim] testing Message Corpus & question for base spec

[Eric Allman]

--On February 10, 2006 6:34:08 PM -0500 Hector Santos 
<hsantos at santronics.com> wrote:
> Our implementation will be to reject all illegal DKIM
> implementations, the form, the syntax, etc - regardless of any
> relaxed DKIM specification or recommendation and especially of any
> accreditation system saying otherwise including augmented fee-based
> tokens.

Hector, are you saying that you intend to ignore MUSTs in the spec? 
For example, the spec says that verifiers MUST ignore any tags that 
they do not implement.  This can be viewed as a "relaxed" view, but 
it is critical to allow future extensions.

If you're just talking about the x=-1019102801 issue (and things of 
that sort, i.e., malformed entries that the verifier does understand) 
then I'm in total agreement, and I think the existing draft already 
covers that.  For example, section 6.1 includes:

        Implementers MUST meticulously validate the format and values
        in the "DKIM-Signature:" header field; any inconsistency or
        unexpected values MUST result in an unverified email. Being
        "liberal in what you accept" is definitely a bad strategy in
        this security context. Note however that this does not
        include the existence of unknown tags in a "DKIM-Signature"
        header field, which are explicitly permitted.

Since the ABNF for the x= tag reads:

        sig-x-tag    = %x78 [FWS] "=" [FWS] 1*12DIGIT

the hyphen/dash/minus is clearly out of spec.

[I do see one error however; that statement should probably say "MUST 
cause the header field to be completely ignored", which is consistent 
with the wording in the rest of section 6.]

eric