Re: Using OpenDKIM for iSchedule

From: SM <sm_at_resistor.net>
Date: Wed, 06 Jun 2012 15:14:54 -0700

Hi Ken,
At 13:17 06-06-2012, Ken Murchison wrote:
>I'm investigating using libopendkim for our CalDAV/iSchedule server.
>The iSchedule spec is still being developed, but it will most
>certainly rely on DKIM (or DOSETA if that effort is still alive).
>
>I have two questions about using the library as it currently exists:
>
>1. Is there a way to keep the library from requiring a From:
>header, other that modifying the source? This obviously makes it
>email-centric.

The From: header is required as mentioned in Section 5.4 of RFC
6376. The only way around that is to modify the source.

>2. What is the proper way to include an extra instance of a header
>field name in "h=", per section 5.4.2 of RFC 6373? iSchedule will
>most likely require that "h=" includes the number of Recipient:
>headers + 1, to protect from intermediaries adding
>Recipients. Obviously, the signer needs to add the extra instance,
>but does the verifier have to as well?

See dkim_options() and DKIM_OPTS_ALWAYSHDRS for signing. If a header
is listed in "h=", the verifier will automatically look for it. That
"protects" from the header being added in transit if it was not
present during DKIM signing. BTW, the To" and Cc: headers are
signed. Isn't that adequate protection from a RFC 5322 perspective?

>Does the extra instance get added before or after the actual headers?

I suggest doing header insertion instead of appending a header.

>I'm willing to do any work that needs to be done to add to or modify
>existing APIs to allow libopendkim to be used for iSchedule. I'm
>also open to helping with a libdoseta if need be.

I'll leave it to Murray to respond to this.

Regards,
-sm
Received on Wed Jun 06 2012 - 22:15:05 PST