DKIM                                                     D. Crocker, Ed.
Internet-Draft                               Brandenburg InternetWorking
Intended status: Standards Track                        February 2, 5, 2009
Expires: August 6, 9, 2009

    RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Errata
                   draft-ietf-dkim-rfc4871-errata-01
                   draft-ietf-dkim-rfc4871-errata-02

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 6, 9, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   This documents and resolves errata for RFC 4871, DomainKeys
   Identified Mail (DKIM) Signatures.  Specifically the document
   clarifies the nature, roles and relationship of the two DKIM
   identifier tag values that are candidates for payload delivery to a
   receiving processing module.  This Errata entry has been developed
   and approved by the IETF's DKIM working group.

Errata Contact Fields

   Name:   Dave Crocker

   Email:   dcrocker@bbiw.net

Type

   Technical

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  RFC 4871 Abstract  . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  RFC4871 Section 1. Introduction  . . . . . . . . . . . . . . . . 3  4
   4.  RFC4871 Section 2.7 Identity . . . . . . . . . . . . . . . . .  4
   5.  RFC4871 Section 2.8 Identifier . . . . . . . . . . . . . . . .  4
   6.  RFC4871 Section 2.9 Signing Domain Identifier (SDID) . . . . .  4
   7.  RFC4871 Section 2.10 User Agent Identifier (UAID)  . . . . . . . 4  5
   8.  RFC4871 Section 2.11 Identity Assessor . . . . . . . . . . . .  5
   9.  RFC4871 Section 3.9 Relationship Between SDID and UAID  . . . . 5
   10. RFC4871 Section 3.5 The DKIM-Signature Header Field  . . . . . . 6
   11.  5
   10. RFC4871 Section 3.5 The DKIM-Signature Header Field  . . . . . .  6
   12.
   11. RFC4871 Section 3.8.  Signing by Parent Domains  . . . . . . .  8
   12. RFC4871 Section 3.9 Relationship Between SDID and UAID . . . . 6  9
   13. RFC4871 Section 6.3.  Interpret Results/Apply Local Policy . . 7 10
   14. RFC4871 Section 6.3.  Interpret Results/Apply Local Policy . . 7 11
   15. RFC4871 Appendix D.  MUA Considerations  . . . . . . . . . . . . 8 11
   16. Security Considerations  . . . . . . . . . . . . . . . . . . . . 8 11
   17. Normative References . . . . . . . . . . . . . . . . . . . . . 8 11
   Appendix A.  Acknowledgements  . . . . . . . . . . . . . . . . . . . 8 12
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 12

1.  Introduction

   About the purpose for DKIM, [RFC4871] states:

      The ultimate goal of this framework is to permit a signing domain
      to assert responsibility for a message, thus protecting message
      signer identity...

   Hence, DKIM has a signer that produces a signed message, a verifier
   that confirms the signature and an assessor that consumes the
   validated signing domain. so  So the simple purpose of DKIM is to
   communicate an identifier to a receive-side assessor module.  The
   identifier is in the form of a domain name that refers to a
   responsible identity.  For DKIM to be interoperable and useful,
   signer and assessor must share the same understanding of the details
   about the identifier.

   However the RFC5871 specification defines two, potentially different
   identifiers that are carried in the DKIM-Signature: header field field, d=
   and i=.  Either might be delivered to a receiving processing module
   that consumes validated payload.  The DKIM specification fails to
   clearly define what is "payload" to be delivered to a consuming
   module, versus what is internal and merely in support of achieving
   payload delivery.

   This currently leaves signers and assessors with the potential for
   having differing -- and therefore non-interoperable --
   interpretations of how DKIM operates.

   This erratum resolves this confusion.  It defines new labels for the
   two values, clarifies their nature, and specifies and their
   relationship.

   NOTE:   This Errata document has been developed and approved by the
      IETF's DKIM working group.  For more information about DKIM and
      its IETF working group, see: <http://dkim.org>.

2.  RFC 4871 Abstract

   Original Text:

      The ultimate goal of this framework is to permit a signing domain
      to assert responsibility for a message,
   Corrected Text:

      The ultimate goal of this framework is to permit a person, role or
      organization that owns the signing domain to assert responsibility
      for a message,

3.  RFC4871 Section 1. Introduction

   Original Text:   permitting

      ...permitting a signing domain to claim responsibility

   Corrected Text:

      permitting a person, role or organization that owns the signing
      domain to claim responsibility

4.  RFC4871 Section 2.7 Identity

   A person, role or organization.

   Original Text:

      (None.  Additional text.)

   Corrected Text:

      A person, role or organization.  In the context of DKIM, examples
      include author, author's organization, an ISP along the handling
      path, an independent trust assessment service, and a mailing list
      operator.

5.  RFC4871 Section 2.8 Identifier

   Original Text:

      (None.  Additional text.)

   Corrected Text:

      A label that refers to an identity.

6.  RFC4871 Section 2.9 Signing Domain Identifier (SDID)
   Original Text:

      (None.  Additional text.)

   Corrected Text:

      A single, opaque value that is the mandatory payload output of
      DKIM and that which refers to the identity claiming responsibility for
      the introduction of a message into the mail stream.  Within the scope of the DKIM Signing specification, the
      conventions and semantics used by a signer to create and use a
      specific SDID are outside the scope of the DKIM Signing
      specification, as  It is any use of those conventions and semantics.
      specified in section 3.5.

7.  RFC4871 Section 2.10 User Agent Identifier (UAID)

   Original Text:

      (None.  Additional text.)

   Corrected Text:

      A single, opaque value that is the optional,
      additional payload output of DKIM and that identifies the user or agent on behalf
      of whom the SDID has taken responsibility.  The
      conventions and semantics used by a signer to create and use a
      specific UAID are outside the scope of the DKIM Signing
      specification, as  It is any use of those conventions and semantics. specified in
      section 3.5.

8.  RFC4871 Section 2.11 Identity Assessor

   Original Text:

      (None.  Additional text.)

   Corrected Text:

      The name of the module that consumes DKIM's primary payload, the
      responsible Signing Domain Identifier (SDID).  It can optionally
      consume the User Agent Identifier (UAID) value, if provided to the
      module.  The conventions and semantics used by a
      signer to create and use a specific SDID or UAID are outside the
      scope of the DKIM Signing specification, as is any use of those
      conventions and semantics.

9.  RFC4871 Section 3.9 Relationship Between SDID and UAID 3.5 The DKIM-Signature Header Field

   Original Text:   (None.

   d=  The domain of the signing entity (plain-text; REQUIRED).  This is an addition.)

   Corrected Text:   DKIM's primary task is to communicate from
       the
      Signer to a recipient-side Identity Assessor a single, Signing
      Domain Identifier (SDID) domain that identifies a responsible identity.
      The SDID will be queried for the public key.  This domain
       MUST be the value same as or a parent domain of the d= tag.  DKIM MAY optionally
      provide "i=" tag (the
       signing identity, as described below), or it MUST meet the
       requirements for parent domain signing described in Section 3.8.
       When presented with a single responsible User Agent Identifier (UAID); if signature that does not meet these
       requirement, verifiers MUST consider the
      UAID is present, it signature invalid.

       Internationalized domain names MUST be encoded as described in
       [RFC3490].

       ABNF:

          sig-d-tag       = %x64 [FWS] "=" [FWS] domain-name
          domain-name     = sub-domain 1*("." sub-domain)
                   ; from RFC 2821 Domain, but excluding address-literal

   Corrected Text:

      d=

         Specifies the value SDID claiming responsibility for an introduction
         of a message into the i= tag. mail stream (plain-text; REQUIRED).  This
         is the domain that will be queried for the public key.  The
         SDID MUST correspond to a valid DNS name under which the DKIM
         key record is published.  The UAID is specified as having the same syntax as an email
      address, but is not required conventions and semantics used by
         a signer to have create and use a specific SDID are outside the same semantics.  Notably,
         scope of the domain name DKIM Signing specification, as is not required to be registered in the DNS -- so
      it might not resolve in a query -- any use of those
         conventions and the Local-part MAY be drawn
      from semantics.  When presented with a namespace signature
         that does not contain meet these requirements, verifiers MUST consider
         the user's mailbox. signature invalid.

         Internationalized domain names MUST be encoded as described in
         [RFC3490].

         ABNF:

            sig-d-tag = %x64 [FWS] "=" [FWS] domain-name
            domain-name = sub-domain 1*("." sub-domain)
                   ; from RFC 2821 Domain, but excluding address-literal

10.  RFC4871 Section 3.5 The
      details DKIM-Signature Header Field

   Original Text:

   i=  Identity of the structure and semantics for the namespace are
      determined by the Signer.  Any knowledge user or use agent (e.g., a mailing list manager) on
       behalf of those details
      by verifiers or assessors which this message is outside signed (dkim-quoted-printable;
       OPTIONAL, default is an empty Local-part followed by an "@"
       followed by the scope of domain from the DKIM Signing
      specification. "d=" tag).  The Signer MAY choose to use the same namespace
      for its UAIDs as its users' syntax is a
       standard email addresses, or address where the Local-part MAY choose other
      means be omitted.  The
       domain part of representing its users.  However, the signer SHOULD use address MUST be the same UAID for each message intended to be evaluated as being
      within or a subdomain of
       the same sphere value of responsibility, if it wishes to offer
      receivers the option "d=" tag.

       Internationalized domain names MUST be converted using the steps
       listed in Section 4 of [RFC3490] using the UAID as a finer grained, stable
      identifier than "ToASCII" function.

       ABNF:

          sig-i-tag =
                  %x69 [FWS] "=" [FWS] [ Local-part ] "@" domain-name

       INFORMATIVE NOTE: The Local-part of the SDID.

      Hence, DKIM delivers to receive-side Identity Assessors
      responsible Identifiers that are individual, opaque values.  Their
      sub-structures and particular semantics are "i=" tag is optional
       because in some cases a signer may not publicly defined
      and, therefore, cannot be assumed by an Identity Assessor.

      A receive-side DKIM verifier MUST communicate the Signing Domain
      Identifier (d=) able to establish a consuming Identity Assessor module and MAY
      communicate the User Agent Identifier (i=) if present.

      To
       verified individual identity.  In such cases, the extent signer may
       wish to assert that a receiver attempts although it is willing to intuit any structured
      semantics go as far as
       signing for either the domain, it is unable or unwilling to commit
       to an individual user name within their domain.  It can do so
       by including the domain part but not the Local-part of the identifiers, this
       identity.

       INFORMATIVE DISCUSSION: This document does not require the value
       of the "i=" tag to match the identity in any message header
       fields.  This is considered to be a heuristic
      function that is outside verifier policy issue.
       Constraints between the scope value of DKIM's specification the "i=" tag and
      semantics.  Hence it is relegated other
       identities in other header fields seek to apply basic
       authentication into the semantics of trust associated with a higher-level service,
       role such as content author.  Trust is a delivery handling filter that integrates a variety of inputs broad and performs heuristic analysis of them.

10.  RFC4871 Section 3.5 The DKIM-Signature Header Field

   Original Text:   d= complex
       topic and trust mechanisms are subject to highly creative
       attacks.  The domain real-world efficacy of any but the signing entity. most basic
       bindings between the "i=" value and other identities is not
       well established, nor is its vulnerability to subversion by
       an attacker.  Hence reliance on the use of these options
       should be strictly limited.  In particular, it is not at all
       clear to what extent a typical end-user recipient can rely on
       any assurances that might be made by successful use of the
       "i=" options.

   Corrected Text:   d= Specifies

      i=

         The User Agent Identifier (UAID) on behalf of which the SDID claiming is
         taking responsibility for (dkim-quoted-printable; OPTIONAL, default
         is an introduction empty Local-part followed by an "@" followed by the
         domain from the "d=" tag).

         The syntax is a standard email address where the Local-part MAY
         be omitted.  The domain part of the address MUST be the same
         as, or a subdomain of the value of, the "d=" tag.

         Internationalized domain names MUST be converted using the
         steps listed in Section 4 of [RFC3490] using the "ToASCII"
         function.

         ABNF:

              sig-i-tag =  %x69 [FWS] "=" [FWS]
                           [ Local-part ] "@" domain-name

         The UAID is specified as having the same syntax as an email
         address, but is not required to have the same semantics.
         Notably, the domain name is not required to be registered in
         the DNS -- so it might not resolve in a query -- and the Local-
         part MAY be drawn from a namespace that does not contain the
         user's mailbox.  The details of the structure and semantics for
         the namespace are determined by the Signer.  Any knowledge or
         use of those details by verifiers or assessors is outside the
         scope of the DKIM Signing specification.  The Signer MAY choose
         to use the same namespace for its UAIDs as its users' email
         addresses, or MAY choose other means of representing its users.
         However, the signer SHOULD use the same UAID for each message into
         intended to be evaluated as being within the mail stream. same sphere of
         responsibility, if it wishes to offer receivers the option of
         using the UAID as a finer grained, stable identifier than the
         SDID.

         INFORMATIVE NOTE: The Local-part of the "i=" tag is optional
         because in some cases a signer may not be able to establish a
         verified individual identity.  In such cases, the signer might
         wish to assert that although it is willing to go as far as
         signing for the domain, it is unable or unwilling to commit to
         an individual user name within their domain.  It can do so by
         including the domain part but not the Local-part of the
         identity.

11.  RFC4871 Section 3.5 The DKIM-Signature Header Field 3.8.  Signing by Parent Domains

   Original Text:   i= Identity

     e.g., a key record for the domain example.com can be used to verify
   messages where the signing identity ("i=" tag of the signature) is
   sub.example.com, or even sub1.sub2.example.com.  In order to limit
   the capability of such keys when this is not intended, the "s" flag
   may be set in the "t=" tag of the key record to constrain the
   validity of the record to exactly the domain of the signing identity.
   If the referenced key record contains the "s" flag as part of the
   "t=" tag, the domain of the signing identity ("i=" flag) MUST be the
   same as that of the user or agent (e.g., a mailing
      list manager) on behalf of which d= domain.  If this message flag is signed

   Corrected Text:   i= The responsible User Agent Identifier (UAID) on
      behalf absent, the domain of which
   the SDID is taking responsibility.

12.  RFC4871 Section 3.8.  Signing by Parent Domains signing identity MUST be the section where same as, or a subdomain of, the error appears

   Original d=
   domain.

   Corrected Text:   e.g.,

      ...for example, a key record for the domain example.com can be
      used to verify messages where the signing identity UAID ("i=" tag of the signature)
      is sub.example.com, or even sub1.sub2.example.com.  In order to
      limit the capability of such keys when this is not intended, the
      "s" flag may MAY be set in the "t=" tag of the key
      record record, to
      constrain the validity of the record to exactly the domain of the signing identity. UAID.  If the
      referenced key record contains the "s" flag as part of the "t="
      tag, the domain of the
      signing identity UAID ("i=" flag) MUST be the same as that
      of the d=
      domain.  If this flag is absent, the domain the SDID (d=) domain.  If this flag is absent, the domain of
      the UAID MUST be the same as, or a subdomain of, the SDID.

12.  RFC4871 Section 3.9 Relationship Between SDID and UAID

   Original Text:   (None.  This is an addition.)

   Corrected Text:

      DKIM's primary task is to communicate from the Signer to a
      recipient-side Identity Assessor a single, Signing Domain
      Identifier (SDID) that refers to a responsible identity.  DKIM MAY
      optionally provide a single responsible User Agent Identifier
      (UAID).

      Hence, DKIM delivers to receive-side Identity Assessors
      responsible Identifiers that are opaque to the assessor.  Their
      sub-structures and particular semantics are not publicly defined
      and, therefore, cannot be assumed by an Identity Assessor.

      A receive-side DKIM verifier MUST communicate the Signing Domain
      Identifier (d=) to a consuming Identity Assessor module and MAY
      communicate the User Agent Identifier (i=) if present.

      To the extent that a receiver attempts to intuit any structured
      semantics for either of the identifiers, this is a heuristic
      function that is outside the scope of DKIM's specification and
      semantics.  Hence it is relegated to a higher-level service, such
      as a delivery handling filter that integrates a variety of inputs
      and performs heuristic analysis of them.

      INFORMATIVE DISCUSSION: This document does not require the signing
      identity MUST be value
      of the same as, SDID or a subdomain of, the d=
   Corrected Text:   For example, a key record for UAID to match the domain
      example.com can be used identity in any message header
      fields.  This is considered to verify messages where be an assessor policy issue.
      Constraints between the UAID ("i="
      tag value of the signature) is sub.example.com, SDID or even
      sub1.sub2.example.com.  In order UAID and other
      identities in other header fields seek to limit apply basic
      authentication into the capability semantics of trust associated with a role
      such
      keys when this as content author.  Trust is not intended, the "s" flag MAY be set in the
      "t=" tag of the key record, a broad and complex topic and
      trust mechanisms are subject to constrain the validity of the
      domain highly creative attacks.  The
      real-world efficacy of any but the UAID.  If the referenced key record contains the "s"
      flag as part of most basic bindings between the "t=" tag,
      SDID or UAID and other identities is not well established, nor is
      its vulnerability to subversion by an attacker.  Hence reliance on
      the domain use of the UAID ("i=" flag)
      MUST these options should be the same as strictly limited.  In
      particular, it is not at all clear to what extent a typical end-
      user recipient can rely on any assurances that might be made by
      successful use of the SDID (d=) domain.  If this flag is
      absent, the domain of the UAID MUST be the same as, or a subdomain
      of, the SDID. UAID.

13.  RFC4871 Section 6.3.  Interpret Results/Apply Local Policy

   Original Text:

   It is beyond the scope of this specification to describe what actions
   a verifier system should make, but an authenticated email presents an
   opportunity to a receiving system that unauthenticated email cannot.
   Specifically, an authenticated email creates a predictable identifier
   by which other decisions can reliably be managed, such as trust and
   reputation.  Conversely, unauthenticated email lacks a reliable
   identifier that can be used to assign trust and reputation.

   Corrected Text:

      It is beyond the scope of this specification to describe what
      actions an Identity Assessor can make, but mail carrying a
      validated SDID presents an opportunity to an Identity Assessor
      that unauthenticated email does not not.  Specifically, an
      authenticated email creates a predictable identifier by which
      other decisions can reliably be managed, such as trust and
      reputation.

14.  RFC4871 Section 6.3.  Interpret Results/Apply Local Policy

   Original Text:

   Once the signature has been verified, that information MUST be
   conveyed to higher-level systems (such as explicit allow/whitelists
   and reputation systems) and/or to the end user.  If the message is
   signed on behalf of any address other than that in the From: header
   field, the mail system SHOULD take pains to ensure that the actual
   signing identity is clear to the reader.

   Corrected Text:

      Once the signature has been verified, that information MUST be
      conveyed to the Identity Assessor (such as an explicit allow/whitelist allow/
      whitelist and reputation system) and/or to the end user.  If the
      SDID is not the same as the address in the From: header field, the
      mail system SHOULD take pains to ensure that the actual SDID is
      clear to the reader.

15.  RFC4871 Appendix D.  MUA Considerations

   Original Text:   The tendency is to have the MUA highlight the
      address associated with this signing identity in some way, in an
      attempt to show the user the address from which the mail was sent.

   Corrected Text:   The tendency is to have the MUA highlight the SDID,
      in an attempt to show the user the identity that is claiming
      responsibility for the message.

16.  Security Considerations

   This Errata document clarifies core details about DKIM's payload.  As
   such it affects interoperability, semantic characterization, and the
   expectations for the identifiers carried with a DKIM signature.
   Clarification of these details is likely to limit misinterpretation
   of DKIM's semantics.  Since DKIM is fundamentally a security
   protocol, this should improve its security characteristics.

17.  Normative References

   [RFC4871]  Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
              J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
              Signatures", RFC 4871, May 2007.

Appendix A.  Acknowledgements

   This document was initially formulated by an ad hoc design team,
   comprising: Jon Callas, J D Falk, Jim Fenton, Tony Hansen, Murray
   Kucherawy, John Levine, Michael Hammer, Jeff Macdonald, Ellen Siegel,
   Wietse Venema.  It represents a rough consensus of that effort,
   although the final wording of the was then submitted draft is the sole
   responsibility (d=) of to the listed author. DKIM working group for
   revision and approval.

Author's Address

   D. Crocker (editor)
   Brandenburg InternetWorking

   Phone: +1.408.246.8253
   Email: dcrocker@bbiw.net