/usr/share/doc/libmail-dkim-perl/dkim_errata.txt is in libmail-dkim-perl 0.44-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | Following are some notes about gray areas in the RFC 4871 DKIM
specification.
Section 3.4.4 "relaxed" Body Canonicalization
Empty bodies. Unlike the "simple" body canonicalization, which
explicitly says to add a CRLF, the "relaxed" body canonicalization
does not say this. The consensus at DKIM-Interop was NOT to add
a CRLF for "relaxed" body canonicalization when the body is empty.
Section 3.5 "i= Identity of the user or agent"
In the section describing "identity", it says dkim-quoted-printable
encoding is to be used, but quoted printable is not mentioned in the
ABNF. The ABNF includes the "Local-part" token, which allows a quoted
string with backslashes to escape certain characters.
My interpretation (combining the text and my own reasoning), is that
the i= tag value should be the dkim-quoted-printable encoding of:
[ Local-part ] "@" domain-name
So, e.g.
local part domain
---------- -----------
i="meet=20joe"@example.com => "meet joe" example.com
i="fine=3Bmess"@example.com => "fine;mess" example.com
i="j=20s=22@example.com => "j s" example.com
i=j smith @ example . com => jsmith example.com
Section 3.6.1 "granularity of the key"
Does "an empty g= value never matches any addresses" mean that any
signature, no matter the i= value, using this key cannot be
matched? The consensus at DKIM-Interop was that YES, that's what
it means.
It should be noted that this is an incompatible change from
RFC4870-DomainKeys, where an empty g= tag in the public key is
equivalent to g=*, which would match anything.
|