Re: Results returned by Opendkim in email header

From: Mark Martinec <Mark.Martinec+dkim_at_ijs.si>
Date: Tue, 1 Mar 2011 19:25:16 +0100

Murray,

> Authentication-Results is defined in RFC5451, and the possible DKIM values
> are listed there. The "header.b" extension was added in RFC6008.
> ADSP is defined in RFC5617, and it adds the "dkim-adsp" values.

Toying a bit with OpenDKIM 2.3.0 and RFC 6008 I noticed that the
opendkim can be lured into copying a long b tag from a signature
into its A-R header field (using a duplicated signature), e.g.:

Authentication-Results: mail.ijs.si; dkim=pass (1024-bit key)
        header.i=_at_ijs.si
        
header.b=Dkqr86W+4ro5X4+joacSRJyVkH9+8duNNxXZCYEZjec8Kjo7x4ifvWRtYUhw0hYfNPXrSITyWFpYqnYTjsqW58ZHdoh4vNSfUMTIPgcSK0MS5ETG8h+80loeQjr0crAx791AnnlOi71wi9SxogbLSuF7alw8DSfKmx2a9C37d9Y=;
        dkim-adsp=pass

That makes a 184-character header line, which exceeds the recommended
(SHOULD) size of 78 in RFC 5322. I didn't check if a 998 char limit could
be exceeded in this way.

The RFC 6008 doesn't say anything about a possibility of adding FWS into
the header.b . According to RFC 5451 one could use a quoted-string for
this purpose which may embed FWS, but there is no semantic note
saying that such FWS in a quoted-string of header.b could be ignored.

So, is this a specification problem, or an implementational one?

Btw, it would be nice if RFC 5451 would mandate or at least recommend
that the A-R subfields or separate A-R header fields regarding DK/DKIM
signatures should follow the order of signatures in a mail header section.
The A-R is already declared a trace field, so adding a word on its
internal order would even eliminate the need for RFC 6008.

  Mark
Received on Tue Mar 01 2011 - 18:25:28 PST