[ietf-dkim] draft-ietf-dkim-rfc4871bis-03: issue with 'k= Key type'
Mark.Martinec+dkim at ijs.si
Fri Mar 11 09:31:45 PST 2011
Section 3.6.1. states:
k= Key type (plain-text; OPTIONAL, default is "rsa"). Signers and
verifiers MUST support the "rsa" key type. The "rsa" key type
indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
[RFC3447] (see Sections 3.1 and A.1.1) is being used in
the "p=" tag. (Note: the "p=" tag further encodes the value using
the base64 algorithm.) Unrecognized key types MUST be ignored.
I believe the "Unrecognized key types MUST be ignored" is incorrect,
or at least can be misunderstood. It is not the key *type* (the value of
a 'k' tag) that is to be ignored (which would just mean that a 'k' tag is
useless as any value means 'rsa') - but the complete public key (record)
with a key type (implied or explicit) not matching the sig-a-tag-k from
an 'a' tag of a signature must be ignored.
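The record-level rule argued for above, as an added example in Python; this is not code from the message or from any DKIM implementation. The key bytes in the sample records are constructed placeholders, not real RSA keys, and the a= values used with them are assumed inputs.

```python
import base64
import re

# Constructed sample key records (placeholder key bytes, not real DER keys).
_P = base64.b64encode(b"placeholder-der").decode()
SAMPLE_KEY_RECORDS = {
    "rsa-explicit": "v=DKIM1; k=rsa; p=" + _P,
    "rsa-implied":  "v=DKIM1; p=" + _P,            # k= absent, defaults to "rsa"
    "other-type":   "v=DKIM1; k=ed25519; p=" + _P,  # non-rsa key type
}

def parse_tags(record: str) -> dict:
    """Parse a DKIM tag=value list: tags separated by ';', whitespace around
    names and inside values ignored, duplicate tag names rejected."""
    tags = {}
    for item in record.split(";"):
        if not item.strip():
            continue
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {item!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = "".join(value.split())  # folding whitespace is not significant
    return tags

def sig_a_tag_k(a_value: str) -> str:
    """sig-a-tag-k: the key-algorithm part of a signature's a= tag,
    e.g. 'rsa' from 'rsa-sha256'."""
    k, sep, _hash = a_value.partition("-")
    if not sep or not k:
        raise ValueError(f"malformed a= tag: {a_value!r}")
    return k.lower()

def key_record_usable(record: str, a_value: str) -> bool:
    """True if this key record may be used for a signature whose a= tag is
    a_value. Under the reading argued above, the whole record (not just its
    k= tag) is skipped when its key type, explicit or defaulted to 'rsa',
    does not match the signature's key algorithm."""
    tags = parse_tags(record)
    if "p" not in tags:
        return False                  # no public key in the record
    if tags["p"] == "":
        return False                  # empty p= means the key is revoked
    key_type = tags.get("k", "rsa").lower()  # k= is OPTIONAL, default "rsa"
    return key_type == sig_a_tag_k(a_value)
```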