[ietf-dkim] RFC4871 interoperability conflict over "h= " tag
sm at resistor.net
Wed Jan 12 15:31:09 PST 2011
At 11:24 12-01-11, Murray S. Kucherawy wrote:
>If an "a=rsa-sha1" message matching a "h=sha1" key fails for reasons
>other than the usual things that cause a signature to fail (i.e.
>alteration in transit or mismatched keys), I'd say the verifier is
>doing something that looks a lot like breakage to me.
My reading of Brett's message is that the specification is
unclear. There is the following informative note in Section 3.3:
INFORMATIVE NOTE: Although sha256 is strongly encouraged, some
senders of low-security messages (such as routine newsletters) may
prefer to use sha1 because of reduced CPU requirements to compute
a sha1 hash. In general, sha256 should always be used whenever
You mentioned implementation and policy in a previous message. The
first paragraph of Section 3.3 describes the software requirements
for the DKIM implementation. The second paragraph describes how the
software may be used. I'll use Murray's description and call it
policy. The better fit may be "operations" and how to ensure interoperability.
According to Section 4.1.2 of draft-ietf-dkim-implementation-report-05:
'50.5% of signatures used "rsa-sha1", while the balance
If receivers want to reinterpret the requirements, they may see more
More information about the ietf-dkim