draft-ietf-dkim-rfc4871-errata-07.txt   rfc5672.txt 
DKIM D. Crocker, Ed. Network Working Group D. Crocker, Ed.
Internet-Draft Brandenburg InternetWorking Request for Comments: 5672 Brandenburg InternetWorking
Updates: RFC4871 June 26, 2009 Updates: 4871 August 2009
(if approved) Category: Standards Track
Intended status: Standards Track
Expires: December 28, 2009
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update
draft-ietf-dkim-rfc4871-errata-07
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Abstract
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This document updates RFC 4871, "DomainKeys Identified Mail (DKIM)
http://www.ietf.org/ietf/1id-abstracts.txt. Signatures". Specifically, the document clarifies the nature, roles,
and relationship of the two DKIM identifier tag values that are
candidates for payload delivery to a receiving processing module.
The Update is in the style of an Errata entry, albeit a rather long
one.
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 28, 2009. This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. and restrictions with respect to this document.
Abstract This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
This updates RFC 4871, DomainKeys Identified Mail (DKIM) Signatures. 10, 2008. The person(s) controlling the copyright in some of this
Specifically the document clarifies the nature, roles and material may not have granted the IETF Trust the right to allow
relationship of the two DKIM identifier tag values that are modifications of such material outside the IETF Standards Process.
candidates for payload delivery to a receiving processing module. Without obtaining an adequate license from the person(s) controlling
The Update is in the style of an Errata entry, albeit a rather long the copyright in such materials, this document may not be modified
one. outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. RFC 4871 Abstract . . . . . . . . . . . . . . . . . . . . . . 4 2. RFC 4871, Abstract . . . . . . . . . . . . . . . . . . . . . . 4
3. RFC4871 Section 1 Introduction . . . . . . . . . . . . . . . 5 3. RFC 4871, Section 1, Introduction . . . . . . . . . . . . . . 4
4. RFC4871 Section 2.7 Identity . . . . . . . . . . . . . . . . 5 4. RFC 4871, Section 2.7, Identity . . . . . . . . . . . . . . . 4
5. RFC4871 Section 2.8 Identifier . . . . . . . . . . . . . . . 5 5. RFC 4871, Section 2.8, Identifier . . . . . . . . . . . . . . 5
6. RFC4871 Section 2.9 Signing Domain Identifier (SDID) . . . . 5 6. RFC 4871, Section 2.9, Signing Domain Identifier (SDID) . . . 5
7. RFC4871 Section 2.10 Agent or User Identifier (AUID) . . . . 6 7. RFC 4871, Section 2.10, Agent or User Identifier (AUID) . . . 5
8. RFC4871 Section 2.11 Identity Assessor . . . . . . . . . . . 6 8. RFC 4871, Section 2.11, Identity Assessor . . . . . . . . . . 6
9. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 7 9. RFC 4871, Section 3.5, The DKIM-Signature Header Field . . . . 6
10. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 8 10. RFC 4871, Section 3.5, The DKIM-Signature Header Field . . . . 7
11. RFC4871 Section 3.8 Signing by Parent Domains . . . . . . . . 10 11. RFC 4871, Section 3.8, Signing by Parent Domains . . . . . . . 9
12. RFC4871 Section 3.9 Relationship Between SDID and AUID . . . 10 12. RFC 4871, Section 3.9, Relationship between SDID and AUID . . 10
13. RFC4871 Section 6.3 Interpret Results/Apply Local Policy . . 11 13. RFC 4871, Section 6.3, Interpret Results/Apply Local Policy . 11
14. RFC4871 Section 6.3 Interpret Results/Apply Local Policy . . 12 14. RFC 4871, Section 6.3, Interpret Results/Apply Local Policy . 11
15. RFC4871 Appendix D. MUA Considerations . . . . . . . . . . . 12 15. RFC 4871, Appendix D, MUA Considerations . . . . . . . . . . . 12
16. Security Considerations . . . . . . . . . . . . . . . . . . . 12 16. Security Considerations . . . . . . . . . . . . . . . . . . . 12
17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 17. Normative References . . . . . . . . . . . . . . . . . . . . . 12
18. Normative References . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. ABNF Fragments . . . . . . . . . . . . . . . . . . . 13
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 13 Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
About the purpose for DKIM, [RFC4871] states: About the purpose for DKIM, [RFC4871] states:
The ultimate goal of this framework is to permit a signing domain The ultimate goal of this framework is to permit a signing domain
to assert responsibility for a message, thus protecting message to assert responsibility for a message, thus protecting message
signer identity... signer identity...
Hence, DKIM has a signer that produces a signed message, a verifier Hence, DKIM has a signer that produces a signed message, a verifier
that confirms the signature and an assessor that consumes the that confirms the signature, and an assessor that consumes the
validated signing domain. So the simple purpose of DKIM is to validated signing domain. So, the simple purpose of DKIM is to
communicate an identifier to a receive-side assessor module. The communicate an identifier to a receive-side assessor module. The
identifier is in the form of a domain name that refers to a identifier is in the form of a domain name that refers to a
responsible identity. For DKIM to be interoperable and useful, responsible identity. For DKIM to be interoperable and useful, the
signer and assessor must share the same understanding of the details signer and assessor must share the same understanding of the details
about the identifier. about the identifier.
However the RFC4871 specification defines two, potentially different However, the RFC 4871 specification defines two, potentially
identifiers that are carried in the DKIM-Signature: header field, d= different, identifiers that are carried in the DKIM-Signature: header
and i=. Either might be delivered to a receiving processing module field, d= and i=. Either might be delivered to a receiving
that consumes validated payload. The DKIM specification fails to processing module that consumes validated payload. The DKIM
clearly define which is the "payload" to be delivered to a consuming specification fails to clearly define which is the "payload" to be
module, versus what is internal and merely in support of achieving delivered to a consuming module, versus what is internal and merely
payload delivery. in support of achieving payload delivery.
This currently leaves signers and assessors with the potential for This currently leaves signers and assessors with the potential for
making different interpretations between the two identifiers and may making different interpretations between the two identifiers and may
lead to interoperability problems. A signer could intend one to be lead to interoperability problems. A signer could intend one to be
used for assessment, and have a different intent in setting the value used for assessment, and have a different intent in setting the value
in the other. However the verifier might choose the wrong value to in the other. However the verifier might choose the wrong value to
deliver to the assessor, thereby producing an unintended (and deliver to the assessor, thereby producing an unintended (and
inaccurate) assessment. inaccurate) assessment.
This update resolves that confusion. It defines additional, semantic This Update resolves that confusion. It defines additional, semantic
labels for the two values, clarifies their nature and specifies their labels for the two values, clarifies their nature, and specifies
relationship. More specifically, it clarifies that the identifier their relationship. More specifically, it clarifies that the
intended for delivery to the assessor -- such as one that consults a identifier intended for delivery to the assessor -- such as one that
white list -- is the value of the "d=" tag. However, this does not consults a whitelist -- is the value of the "d=" tag. However, this
prohibit message filtering engines from using the "i=" tag, or any does not prohibit message filtering engines from using the "i=" tag,
other information in the message's header, for filtering decisions. or any other information in the message's header, for filtering
decisions.
For signers and verifiers that have been using the i= tag as the For signers and verifiers that have been using the i= tag as the
primary value that is delivered to the assessor, a software change to primary value that is delivered to the assessor, a software change to
using the d= tag is intended. using the d= tag is intended.
So, this Update clarifies the formal interface to DKIM, after So, this Update clarifies the formal interface to DKIM, after
signature verification has been performed. It distinguishes DKIM's signature verification has been performed. It distinguishes DKIM's
internal signing and verification activity, from its standardized internal signing and verification activity, from its standardized
delivery of data to that interface. delivery of data to that interface.
The focus of the Update is on the portion of DKIM that is much like The focus of the Update is on the portion of DKIM that is much like
an API definition. If DKIM is implemented as a software library for an API definition. If DKIM is implemented as a software library for
use by others, it needs to define what outputs are provided, that is, use by others, it needs to define what outputs are provided, that is,
what data that an application developer who uses the library can what data that an application developer who uses the library can
expect to obtain as a result of invoking DKIM on a message. expect to obtain as a result of invoking DKIM on a message.
This Update draft defines the output of that library to include the This Update defines the output of that library to include the yes/no
yes/no result of the verification and the "d=" value. In other result of the verification and the "d=" value. In other words, it
words, it says what (one) identifier was formally specified for use says what (one) identifier was formally specified for use by the
by the signer and whether the use of that identifier has been signer and whether the use of that identifier has been validated.
validated. For a particular library, other information can be For a particular library, other information can be provided at the
provided at the discretion of the library developer, since developers discretion of the library developer, since developers of assessors --
of assessors -- these are the consumers of the DKIM library -- well these are the consumers of the DKIM library -- well might want more
might want more information than the standardized two pieces of information than the standardized two pieces of information.
information. However that standardized set is the minimum that is However, that standardized set is the minimum that is required to be
required to be provided to a consuming module, in order to be able to provided to a consuming module, in order to be able to claim that the
claim that the library is DKIM compliant. library is DKIM compliant.
This does not state what the implicit value of "i=" is, relative to This does not state what the implicit value of "i=" is, relative to
"d=". In this context, that fact is irrelevant. "d=". In this context, that fact is irrelevant.
Another example is the difference between the socket interface to TCP Another example is the difference between the socket interface to TCP
versus the TCP protocol itself. There is the activity within the versus the TCP protocol itself. There is the activity within the
protocol stack, and then there is the activity within in the software protocol stack, and then there is the activity within in the software
libraries that are actually used. libraries that are actually used.
NOTE: The text provided here updates [RFC4871]. All references and NOTE: The text provided here updates [RFC4871]. Text appearing in
all appearances of RFC-2119 keywords are replacing text in RFC the "Corrected Text:" replaces text in RFC 4871. Hence,
4871. Hence those references are in that document and are not references that appear in the "Original Text:" can be found in RFC
needed here. 4871, and are not duplicated in this document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119] document are to be interpreted as described in [RFC2119].
2. RFC 4871 Abstract 2. RFC 4871, Abstract
Original Text: Original Text:
The ultimate goal of this framework is to permit a signing domain The ultimate goal of this framework is to permit a signing domain
to assert responsibility for a message, to assert responsibility for a message,
Corrected Text: Corrected Text:
The ultimate goal of this framework is to permit a person, role or The ultimate goal of this framework is to permit a person, role or
organization that owns the signing domain to assert responsibility organization that owns the signing domain to assert responsibility
for a message, for a message,
3. RFC4871 Section 1 Introduction 3. RFC 4871, Section 1, Introduction
Original Text: Original Text:
...permitting a signing domain to claim responsibility ...permitting a signing domain to claim responsibility
Corrected Text: Corrected Text:
permitting a person, role or organization that owns the signing permitting a person, role, or organization that owns the signing
domain to claim responsibility domain to claim responsibility
4. RFC4871 Section 2.7 Identity 4. RFC 4871, Section 2.7, Identity
Original Text: Original Text:
(None. New section. Additional text.) (None. New section. Additional text.)
Corrected Text: Corrected Text:
A person, role or organization. In the context of DKIM, examples A person, role, or organization. In the context of DKIM, examples
include author, author's organization, an ISP along the handling include author, author's organization, an ISP along the handling
path, an independent trust assessment service, and a mailing list path, an independent trust assessment service, and a mailing list
operator. operator.
5. RFC4871 Section 2.8 Identifier 5. RFC 4871, Section 2.8, Identifier
Original Text: Original Text:
(None. New section. Additional text.) (None. New section. Additional text.)
Corrected Text: Corrected Text:
A label that refers to an identity. A label that refers to an identity.
6. RFC4871 Section 2.9 Signing Domain Identifier (SDID) 6. RFC 4871, Section 2.9, Signing Domain Identifier (SDID)
Original Text: Original Text:
(None. New section. Additional text.) (None. New section. Additional text.)
Corrected Text: Corrected Text:
A single domain name that is the mandatory payload output of DKIM A single domain name that is the mandatory payload output of DKIM
and that refers to the identity claiming responsibility for and that refers to the identity claiming responsibility for
introduction of a message into the mail stream. For DKIM introduction of a message into the mail stream. For DKIM
processing, the name has only basic domain name semantics; any processing, the name has only basic domain name semantics; any
possible owner-specific semantics are outside the scope of DKIM. possible owner-specific semantics are outside the scope of DKIM.
It is specified in section 3.5. It is specified in Section 3.5.
7. RFC4871 Section 2.10 Agent or User Identifier (AUID) 7. RFC 4871, Section 2.10, Agent or User Identifier (AUID)
Original Text: Original Text:
(None. New section. Additional text.) (None. New section. Additional text.)
Corrected Text: Corrected Text:
A single identifier that refers to the agent or user on behalf of A single identifier that refers to the agent or user on behalf of
whom the SDID has taken responsibility. The AUID comprises a whom the Signing Domain Identifier (SDID) has taken
domain name and an optional <Local-part>. The domain name is the responsibility. The AUID comprises a domain name and an optional
same as that used for the SDID or is a sub-domain of it. For DKIM <Local-part>. The domain name is the same as that used for the
processing, the domain name portion of the AUID has only basic SDID or is a sub-domain of it. For DKIM processing, the domain
domain name semantics; any possible owner-specific semantics are name portion of the AUID has only basic domain name semantics; any
outside the scope of DKIM. It is specified in section 3.5. possible owner-specific semantics are outside the scope of DKIM.
It is specified in Section 3.5.
8. RFC4871 Section 2.11 Identity Assessor 8. RFC 4871, Section 2.11, Identity Assessor
Original Text: Original Text:
(None. New section. Additional text.) (None. New section. Additional text.)
Corrected Text: Corrected Text:
A module that consumes DKIM's mandatory payload, which is the A module that consumes DKIM's mandatory payload, which is the
responsible Signing Domain Identifier (SDID). The module is responsible Signing Domain Identifier (SDID). The module is
dedicated to the assessment of the delivered identifier. Other dedicated to the assessment of the delivered identifier. Other
DKIM (and non-DKIM) values can also be delivered to this module as DKIM (and non-DKIM) values can also be delivered to this module as
well as to a more general message evaluation filtering engine. well as to a more general message evaluation filtering engine.
However, this additional activity is outside the scope of the DKIM However, this additional activity is outside the scope of the DKIM
signature specification. signature specification.
9. RFC4871 Section 3.5 The DKIM-Signature Header Field 9. RFC 4871, Section 3.5, The DKIM-Signature Header Field
Original Text: Original Text:
d= The domain of the signing entity (plain-text; REQUIRED). This is d= The domain of the signing entity (plain-text; REQUIRED). This is
the domain that will be queried for the public key. This domain the domain that will be queried for the public key. This domain
MUST be the same as or a parent domain of the "i=" tag (the MUST be the same as or a parent domain of the "i=" tag (the
signing identity, as described below), or it MUST meet the signing identity, as described below), or it MUST meet the
requirements for parent domain signing described in Section 3.8. requirements for parent domain signing described in Section 3.8.
When presented with a signature that does not meet these When presented with a signature that does not meet these
requirement, verifiers MUST consider the signature invalid. requirement, verifiers MUST consider the signature invalid.
skipping to change at page 7, line 33 skipping to change at page 6, line 49
domain-name = sub-domain 1*("." sub-domain) domain-name = sub-domain 1*("." sub-domain)
; from RFC 2821 Domain, ; from RFC 2821 Domain,
but excluding address-literal but excluding address-literal
Corrected Text: Corrected Text:
d= d=
Specifies the SDID claiming responsibility for an introduction Specifies the SDID claiming responsibility for an introduction
of a message into the mail stream (plain-text; REQUIRED). of a message into the mail stream (plain-text; REQUIRED).
Hence the SDID value is used to form the query for the public Hence, the SDID value is used to form the query for the public
key. The SDID MUST correspond to a valid DNS name under which key. The SDID MUST correspond to a valid DNS name under which
the DKIM key record is published. The conventions and the DKIM key record is published. The conventions and
semantics used by a signer to create and use a specific SDID semantics used by a signer to create and use a specific SDID
are outside the scope of the DKIM Signing specification, as is are outside the scope of the DKIM Signing specification, as is
any use of those conventions and semantics. When presented any use of those conventions and semantics. When presented
with a signature that does not meet these requirements, with a signature that does not meet these requirements,
verifiers MUST consider the signature invalid. verifiers MUST consider the signature invalid.
Internationalized domain names MUST be encoded as described in Internationalized domain names MUST be encoded as described in
[RFC3490]. [RFC3490].
ABNF: ABNF:
sig-d-tag = %x64 [FWS] "=" [FWS] domain-name sig-d-tag = %x64 [FWS] "=" [FWS] domain-name
domain-name = sub-domain 1*("." sub-domain) domain-name = sub-domain 1*("." sub-domain)
; from RFC 5321 Domain, ; from RFC 5321 Domain,
but excluding address-literal but excluding address-literal
10. RFC4871 Section 3.5 The DKIM-Signature Header Field 10. RFC 4871, Section 3.5, The DKIM-Signature Header Field
Original Text: Original Text:
i= Identity of the user or agent (e.g., a mailing list manager) on i= Identity of the user or agent (e.g., a mailing list manager) on
behalf of which this message is signed (dkim-quoted-printable; behalf of which this message is signed (dkim-quoted-printable;
OPTIONAL, default is an empty Local-part followed by an "@" OPTIONAL, default is an empty Local-part followed by an "@"
followed by the domain from the "d=" tag). The syntax is a followed by the domain from the "d=" tag). The syntax is a
standard email address where the Local-part MAY be omitted. The standard email address where the Local-part MAY be omitted. The
domain part of the address MUST be the same as or a subdomain of domain part of the address MUST be the same as or a subdomain of
the value of the "d=" tag. the value of the "d=" tag.
skipping to change at page 9, line 35 skipping to change at page 8, line 49
The AUID is specified as having the same syntax as an email The AUID is specified as having the same syntax as an email
address, but is not required to have the same semantics. address, but is not required to have the same semantics.
Notably, the domain name is not required to be registered in Notably, the domain name is not required to be registered in
the DNS -- so it might not resolve in a query -- and the Local- the DNS -- so it might not resolve in a query -- and the Local-
part MAY be drawn from a namespace that does not contain the part MAY be drawn from a namespace that does not contain the
user's mailbox. The details of the structure and semantics for user's mailbox. The details of the structure and semantics for
the namespace are determined by the Signer. Any knowledge or the namespace are determined by the Signer. Any knowledge or
use of those details by verifiers or assessors is outside the use of those details by verifiers or assessors is outside the
scope of the DKIM Signing specification. The Signer MAY choose scope of the DKIM Signing specification. The Signer MAY choose
to use the same namespace for its AUIDs as its users' email to use the same namespace for its AUIDs as its users' email
addresses, or MAY choose other means of representing its users. addresses or MAY choose other means of representing its users.
However, the signer SHOULD use the same AUID for each message However, the signer SHOULD use the same AUID for each message
intended to be evaluated as being within the same sphere of intended to be evaluated as being within the same sphere of
responsibility, if it wishes to offer receivers the option of responsibility, if it wishes to offer receivers the option of
using the AUID as a stable identifier that is finer grained using the AUID as a stable identifier that is finer grained
than the SDID. than the SDID.
INFORMATIVE NOTE: The Local-part of the "i=" tag is optional INFORMATIVE NOTE: The Local-part of the "i=" tag is optional
because in some cases a signer may not be able to establish a because, in some cases, a signer may not be able to establish a
verified individual identity. In such cases, the signer might verified individual identity. In such cases, the signer might
wish to assert that although it is willing to go as far as wish to assert that although it is willing to go as far as
signing for the domain, it is unable or unwilling to commit to signing for the domain, it is unable or unwilling to commit to
an individual user name within their domain. It can do so by an individual user name within their domain. It can do so by
including the domain part but not the Local-part of the including the domain part but not the Local-part of the
identity. identity.
11. RFC4871 Section 3.8 Signing by Parent Domains 11. RFC 4871, Section 3.8, Signing by Parent Domains
Original Text: Original Text:
e.g., a key record for the domain example.com can be used to verify e.g., a key record for the domain example.com can be used to
messages where the signing identity ("i=" tag of the signature) is verify messages where the signing identity ("i=" tag of the
sub.example.com, or even sub1.sub2.example.com. In order to limit signature) is sub.example.com, or even sub1.sub2.example.com. In
the capability of such keys when this is not intended, the "s" flag order to limit the capability of such keys when this is not
may be set in the "t=" tag of the key record to constrain the intended, the "s" flag may be set in the "t=" tag of the key
validity of the record to exactly the domain of the signing identity. record to constrain the validity of the record to exactly the
If the referenced key record contains the "s" flag as part of the domain of the signing identity. If the referenced key record
"t=" tag, the domain of the signing identity ("i=" flag) MUST be the contains the "s" flag as part of the "t=" tag, the domain of the
same as that of the d= domain. If this flag is absent, the domain of signing identity ("i=" flag) MUST be the same as that of the d=
the signing identity MUST be the same as, or a subdomain of, the d= domain. If this flag is absent, the domain of the signing
domain. identity MUST be the same as, or a subdomain of, the d= domain.
Corrected Text: Corrected Text:
...for example, a key record for the domain example.com can be ...for example, a key record for the domain example.com can be
used to verify messages where the AUID ("i=" tag of the signature) used to verify messages where the AUID ("i=" tag of the signature)
is sub.example.com, or even sub1.sub2.example.com. In order to is sub.example.com, or even sub1.sub2.example.com. In order to
limit the capability of such keys when this is not intended, the limit the capability of such keys when this is not intended, the
"s" flag MAY be set in the "t=" tag of the key record, to "s" flag MAY be set in the "t=" tag of the key record, to
constrain the validity of the domain of the AUID. If the constrain the validity of the domain of the AUID. If the
referenced key record contains the "s" flag as part of the "t=" referenced key record contains the "s" flag as part of the "t="
tag, the domain of the AUID ("i=" flag) MUST be the same as that tag, the domain of the AUID ("i=" flag) MUST be the same as that
of the SDID (d=) domain. If this flag is absent, the domain of of the SDID (d=) domain. If this flag is absent, the domain of
the AUID MUST be the same as, or a subdomain of, the SDID. the AUID MUST be the same as, or a subdomain of, the SDID.
12. RFC4871 Section 3.9 Relationship Between SDID and AUID 12. RFC 4871, Section 3.9, Relationship between SDID and AUID
Original Text: (None. New section. Additional text.) Original Text: (None. New section. Additional text.)
Corrected Text: Corrected Text:
DKIM's primary task is to communicate from the Signer to a DKIM's primary task is to communicate from the Signer to a
recipient-side Identity Assessor a single Signing Domain recipient-side Identity Assessor a single Signing Domain
Identifier (SDID) that refers to a responsible identity. DKIM MAY Identifier (SDID) that refers to a responsible identity. DKIM MAY
optionally provide a single responsible Agent or User Identifier optionally provide a single responsible Agent or User Identifier
(AUID). (AUID).
skipping to change at page 11, line 13 skipping to change at page 10, line 31
That is, within its role as a DKIM identifier, additional That is, within its role as a DKIM identifier, additional
semantics cannot be assumed by an Identity Assessor. semantics cannot be assumed by an Identity Assessor.
A receive-side DKIM verifier MUST communicate the Signing Domain A receive-side DKIM verifier MUST communicate the Signing Domain
Identifier (d=) to a consuming Identity Assessor module and MAY Identifier (d=) to a consuming Identity Assessor module and MAY
communicate the Agent or User Identifier (i=) if present. communicate the Agent or User Identifier (i=) if present.
To the extent that a receiver attempts to intuit any structured To the extent that a receiver attempts to intuit any structured
semantics for either of the identifiers, this is a heuristic semantics for either of the identifiers, this is a heuristic
function that is outside the scope of DKIM's specification and function that is outside the scope of DKIM's specification and
semantics. Hence it is relegated to a higher-level service, such semantics. Hence, it is relegated to a higher-level service, such
as a delivery handling filter that integrates a variety of inputs as a delivery handling filter that integrates a variety of inputs
and performs heuristic analysis of them. and performs heuristic analysis of them.
INFORMATIVE DISCUSSION: This document does not require the value INFORMATIVE DISCUSSION: This document does not require the value
of the SDID or AUID to match the identifier in any other message of the SDID or AUID to match the identifier in any other message
header field. This requirement is, instead, an assessor policy header field. This requirement is, instead, an assessor policy
issue. The purpose of such a linkage would be to authenticate the issue. The purpose of such a linkage would be to authenticate the
value in that other header field. This, in turn, is the basis for value in that other header field. This, in turn, is the basis for
applying a trust assessment based on the identifier value. Trust applying a trust assessment based on the identifier value. Trust
is a broad and complex topic and trust mechanisms are subject to is a broad and complex topic and trust mechanisms are subject to
highly creative attacks. The real-world efficacy of any but the highly creative attacks. The real-world efficacy of any but the
most basic bindings between the SDID or AUID and other identities most basic bindings between the SDID or AUID and other identities
is not well established, nor is its vulnerability to subversion by is not well established, nor is its vulnerability to subversion by
an attacker. Hence reliance on the use of such bindings should be an attacker. Hence, reliance on the use of such bindings should
strictly limited. In particular, it is not at all clear to what be strictly limited. In particular, it is not at all clear to
extent a typical end-user recipient can rely on any assurances what extent a typical end-user recipient can rely on any
that might be made by successful use of the SDID or AUID. assurances that might be made by successful use of the SDID or
AUID.
13. RFC4871 Section 6.3 Interpret Results/Apply Local Policy 13. RFC 4871, Section 6.3, Interpret Results/Apply Local Policy
Original Text: Original Text:
It is beyond the scope of this specification to describe what actions It is beyond the scope of this specification to describe what
a verifier system should make, but an authenticated email presents an actions a verifier system should make, but an authenticated email
opportunity to a receiving system that unauthenticated email cannot. presents an opportunity to a receiving system that unauthenticated
Specifically, an authenticated email creates a predictable identifier email cannot. Specifically, an authenticated email creates a
by which other decisions can reliably be managed, such as trust and predictable identifier by which other decisions can reliably be
reputation. Conversely, unauthenticated email lacks a reliable managed, such as trust and reputation. Conversely,
identifier that can be used to assign trust and reputation. unauthenticated email lacks a reliable identifier that can be used
to assign trust and reputation.
Corrected Text: Corrected Text:
It is beyond the scope of this specification to describe what It is beyond the scope of this specification to describe what
actions an Identity Assessor can make, but mail carrying a actions an Identity Assessor can make, but mail carrying a
validated SDID presents an opportunity to an Identity Assessor validated SDID presents an opportunity to an Identity Assessor
that unauthenticated email does not. Specifically, an that unauthenticated email does not. Specifically, an
authenticated email creates a predictable identifier by which authenticated email creates a predictable identifier by which
other decisions can reliably be managed, such as trust and other decisions can reliably be managed, such as trust and
reputation. reputation.
14. RFC4871 Section 6.3 Interpret Results/Apply Local Policy 14. RFC 4871, Section 6.3, Interpret Results/Apply Local Policy
Original Text: Original Text:
Once the signature has been verified, that information MUST be Once the signature has been verified, that information MUST be
conveyed to higher-level systems (such as explicit allow/whitelists conveyed to higher-level systems (such as explicit allow/
and reputation systems) and/or to the end user. If the message is whitelists and reputation systems) and/or to the end user. If the
signed on behalf of any address other than that in the From: header message is signed on behalf of any address other than that in the
field, the mail system SHOULD take pains to ensure that the actual From: header field, the mail system SHOULD take pains to ensure
signing identity is clear to the reader. that the actual signing identity is clear to the reader.
Corrected Text: Corrected Text:
Once the signature has been verified, that information MUST be Once the signature has been verified, that information MUST be
conveyed to the Identity Assessor (such as an explicit allow/ conveyed to the Identity Assessor (such as an explicit allow/
whitelist and reputation system) and/or to the end user. If the whitelist and reputation system) and/or to the end user. If the
SDID is not the same as the address in the From: header field, the SDID is not the same as the address in the From: header field, the
mail system SHOULD take pains to ensure that the actual SDID is mail system SHOULD take pains to ensure that the actual SDID is
clear to the reader. clear to the reader.
15. RFC4871 Appendix D. MUA Considerations 15. RFC 4871, Appendix D, MUA Considerations
Original Text: The tendency is to have the MUA highlight the Original Text:
address associated with this signing identity in some way, in an
attempt to show the user the address from which the mail was sent.
Corrected Text: The tendency is to have the MUA highlight the SDID, The tendency is to have the MUA highlight the address associated
in an attempt to show the user the identity that is claiming with this signing identity in some way, in an attempt to show the
responsibility for the message. user the address from which the mail was sent.
Corrected Text:
The tendency is to have the MUA highlight the SDID, in an attempt
to show the user the identity that is claiming responsibility for
the message.
16. Security Considerations 16. Security Considerations
This Update clarifies core details about DKIM's payload. As such it This Update clarifies core details about DKIM's payload. As such, it
affects interoperability, semantic characterization, and the affects interoperability, semantic characterization, and the
expectations for the identifiers carried with a DKIM signature. expectations for the identifiers carried with a DKIM signature.
Clarification of these details is likely to limit misinterpretation Clarification of these details is likely to limit misinterpretation
of DKIM's semantics. Since DKIM is fundamentally a security of DKIM's semantics. Since DKIM is fundamentally a security
protocol, this should improve its security characteristics. protocol, this should improve its security characteristics.
17. IANA Considerations 17. Normative References
This document has no actions for IANA.
18. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
"Internationalizing Domain Names in Applications (IDNA)", "Internationalizing Domain Names in Applications (IDNA)",
RFC 3490, March 2003. RFC 3490, March 2003.
[RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, [RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
J., and M. Thomas, "DomainKeys Identified Mail (DKIM) J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
Signatures", RFC 4871, May 2007. Signatures", RFC 4871, May 2007.
Appendix A. Acknowledgements Appendix A. ABNF Fragments
This appendix contains the full set of corrected ABNF fragments
defined in this document.
Copyright (c) 2009 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the
distribution.
- Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This version of this MIB module is part of RFC 5672; see the RFC
itself for full legal notices.
sig-d-tag = %x64 [FWS] "=" [FWS] domain-name
domain-name = sub-domain 1*("." sub-domain)
; from RFC 5321 Domain,
but excluding address-literal
sig-i-tag = %x69 [FWS] "=" [FWS]
[ Local-part ] "@" domain-name
Appendix B. Acknowledgements
This document was initially formulated by an ad hoc design team, This document was initially formulated by an ad hoc design team,
comprising: Jon Callas, D. Crocker, J. D. Falk, Michael Hammer, Tony comprising: Jon Callas, D. Crocker, J. D. Falk, Michael Hammer, Tony
Hansen, Murray Kucherawy, John Levine, Jeff Macdonald, Ellen Siegel Hansen, Murray Kucherawy, John Levine, Jeff Macdonald, Ellen Siegel,
and Wietse Venema. The final version of the document was developed and Wietse Venema. The final version of the document was developed
through vigorous discussion in the IETF DKIM working group. through vigorous discussion in the IETF DKIM working group.
Author's Address Author's Address
D. Crocker (editor) D. Crocker (editor)
Brandenburg InternetWorking Brandenburg InternetWorking
Phone: +1.408.246.8253 Phone: +1.408.246.8253
Email: dcrocker@bbiw.net EMail: dcrocker@bbiw.net
 End of changes. 51 change blocks. 
165 lines changed or deleted 201 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/