[ietf-dkim] domain keys, the h tag, and the reflector at sendmail.net

Eric Allman eric+dkim at sendmail.org
Tue Sep 11 14:19:08 PDT 2007


Since no one else seems to want to bite, I will....

--On September 7, 2007 10:27:40 PM -0500 dave 
<dave.wanta at 123aspx.com> wrote:

> Hi,
> (If this isn't the right list, please let me know where I can ask
> this question)

Well, this really isn't the right list, since DomainKeys and DKIM are 
not the same thing (although they are closely related).  At this 
point I would recommend you be implementing DKIM rather than DK. 
That seems to be the direction the industry is going.

> As an educational experience, I'm writing my own domain keys
> signer. I'm using the reflector at sendmail (
> sa-test[at]sendmail.net ) for testing. Everything is working fine,
> except when I try to use the "h" tag. Then my domain-keys signature
> fails as BAD. I'm going off of the spec:
> draft-delany-domainkeys-base-06, which I believe is the latest spec
> for domain keys.

Actually RFC 4870 is as close as it gets to an official version.

> I hope I'm asking the right questions here, so, feel free to ask for
> clarification.
>
> It's my understanding that I use only the headers that are listed
> in the "h" tag, and sign as if those were the only headers that
> existed.

Based on my recollection, that is correct.  It is definitely true in 
DKIM.

> for example, let's say I use the email sample found in the base-06
> spec. It has the following headers (hopefully this doesn't wrap too
> bad):
>
> ------------ Start Sample  --------
> From: "Joe SixPack" <joe at football.example.com>
> To: "Suzie Q" <suzie at shopping.example.net>
> Subject: Is dinner ready?
> Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
> Message-ID: <20030712040037.46341.5F8J at football.example.com>
>
> [body goes here]
> ------------ End Sample  --------
>
> If the "h" tag is created like:
>
> h="subject:from";
>
> It's my understanding that I would actually sign this content:
> ------------ Start Sample  --------
> Subject: Is dinner ready?
> From: "Joe SixPack" <joe at football.example.com>
>
> [body goes here]
> ------------ End Sample  --------
>
> Is that correct? In other words, I concatenate the "subject" and
> "from" headers (in that order), add my blank line, and then the
> body. I then sign that combination.

It looks like that's correct based on a (very quick) scan of RFC 4870.

eric
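
The header selection discussed in this thread, as an added example that is not part of the original messages or of any DomainKeys implementation: it builds the content to sign from the headers named in "h" (in the order the tag lists them, as the question describes) and also reports which headers the signature would not cover. The function names are hypothetical, including every occurrence of a listed header is this sketch's choice, and canonicalization and the signature computation itself are left out.

```python
# Sample message constructed from the one quoted in the thread
# (addresses written as the list archive shows them).
SAMPLE = (
    'From: "Joe SixPack" <joe at football.example.com>\r\n'
    'To: "Suzie Q" <suzie at shopping.example.net>\r\n'
    'Subject: Is dinner ready?\r\n'
    'Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)\r\n'
    'Message-ID: <20030712040037.46341.5F8J at football.example.com>\r\n'
    '\r\n'
    '[body goes here]\r\n'
)

def split_message(raw):
    """Return ([(lowercased name, full header text)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            # Continuation of a folded header: keep it with its header.
            name, text = headers[-1]
            headers[-1] = (name, text + "\r\n" + line)
        else:
            name = line.split(":", 1)[0].strip().lower()
            headers.append((name, line))
    return headers, body

def signing_input(raw, h_tag):
    """Build the signed content per the thread's reading of "h".

    Returns (content, names of headers the signature does not cover).
    """
    headers, body = split_message(raw)
    # Header names compare case-insensitively; repeated names in the tag
    # are collapsed here (a choice of this sketch).
    wanted = list(dict.fromkeys(
        n.strip().lower() for n in h_tag.split(":") if n.strip()))
    selected = []
    for name in wanted:  # order follows the h tag, as in the question
        selected += [text for n, text in headers if n == name]
    unsigned = [text.split(":", 1)[0] for n, text in headers
                if n not in wanted]
    content = "\r\n".join(selected) + "\r\n\r\n" + body
    return content, unsigned

if __name__ == "__main__":
    content, unsigned = signing_input(SAMPLE, "subject:from")
    print(content)
    print("not covered by the signature:", unsigned)
```

Headers returned in the second value can be changed in transit without affecting verification, which is the practical consequence of choosing a short "h" list.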

