draft-ietf-dkim-rfc4871-errata-03.txt   draft-ietf-dkim-rfc4871-errata-04.txt 
DKIM D. Crocker, Ed. DKIM D. Crocker, Ed.
Internet-Draft Brandenburg InternetWorking Internet-Draft Brandenburg InternetWorking
Updates: RFC4871 April 3, 2009 Updates: RFC4871 April 14, 2009
(if approved) (if approved)
Intended status: Standards Track Intended status: Standards Track
Expires: October 5, 2009 Expires: October 16, 2009
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Update
draft-ietf-dkim-rfc4871-errata-03 draft-ietf-dkim-rfc4871-errata-04
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 1, line 44 skipping to change at page 1, line 44
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 5, 2009. This Internet-Draft will expire on October 16, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 30 skipping to change at page 2, line 30
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. RFC 4871 Abstract . . . . . . . . . . . . . . . . . . . . . . 3 2. RFC 4871 Abstract . . . . . . . . . . . . . . . . . . . . . . 3
3. RFC4871 Section 1. Introduction . . . . . . . . . . . . . . . 4 3. RFC4871 Section 1. Introduction . . . . . . . . . . . . . . . 4
4. RFC4871 Section 2.7 Identity . . . . . . . . . . . . . . . . . 4 4. RFC4871 Section 2.7 Identity . . . . . . . . . . . . . . . . . 4
5. RFC4871 Section 2.8 Identifier . . . . . . . . . . . . . . . . 4 5. RFC4871 Section 2.8 Identifier . . . . . . . . . . . . . . . . 4
6. RFC4871 Section 2.9 Signing Domain Identifier (SDID) . . . . . 4 6. RFC4871 Section 2.9 Signing Domain Identifier (SDID) . . . . . 4
7. RFC4871 Section 2.10 Agent or User Identifier (AUID) . . . . . 5 7. RFC4871 Section 2.10 Agent or User Identifier (AUID) . . . . . 5
8. RFC4871 Section 2.11 Identity Assessor . . . . . . . . . . . . 5 8. RFC4871 Section 2.11 Identity Assessor . . . . . . . . . . . . 5
9. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 5 9. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 6
10. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 6 10. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . 7
11. RFC4871 Section 3.8. Signing by Parent Domains . . . . . . . 9 11. RFC4871 Section 3.8. Signing by Parent Domains . . . . . . . 9
12. RFC4871 Section 3.9 Relationship Between SDID and AUID . . . . 9 12. RFC4871 Section 3.9 Relationship Between SDID and AUID . . . . 9
13. RFC4871 Section 6.3. Interpret Results/Apply Local Policy . . 10 13. RFC4871 Section 6.3. Interpret Results/Apply Local Policy . . 10
14. RFC4871 Section 6.3. Interpret Results/Apply Local Policy . . 11 14. RFC4871 Section 6.3. Interpret Results/Apply Local Policy . . 11
15. RFC4871 Appendix D. MUA Considerations . . . . . . . . . . . 11 15. RFC4871 Appendix D. MUA Considerations . . . . . . . . . . . 11
16. Security Considerations . . . . . . . . . . . . . . . . . . . 11 16. Security Considerations . . . . . . . . . . . . . . . . . . . 11
17. Normative References . . . . . . . . . . . . . . . . . . . . . 12 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
18. Normative References . . . . . . . . . . . . . . . . . . . . . 12
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 12 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
About the purpose for DKIM, [RFC4871] states: About the purpose for DKIM, [RFC4871] states:
The ultimate goal of this framework is to permit a signing domain The ultimate goal of this framework is to permit a signing domain
to assert responsibility for a message, thus protecting message to assert responsibility for a message, thus protecting message
signer identity... signer identity...
Hence, DKIM has a signer that produces a signed message, a verifier Hence, DKIM has a signer that produces a signed message, a verifier
that confirms the signature and an assessor that consumes the that confirms the signature and an assessor that consumes the
validated signing domain. So the simple purpose of DKIM is to validated signing domain. So the simple purpose of DKIM is to
communicate an identifier to a receive-side assessor module. The communicate an identifier to a receive-side assessor module. The
identifier is in the form of a domain name that refers to a identifier is in the form of a domain name that refers to a
responsible identity. For DKIM to be interoperable and useful, responsible identity. For DKIM to be interoperable and useful,
signer and assessor must share the same understanding of the details signer and assessor must share the same understanding of the details
about the identifier. about the identifier.
However the RFC5871 specification defines two, potentially different However the RFC4871 specification defines two, potentially different
identifiers that are carried in the DKIM-Signature: header field, d= identifiers that are carried in the DKIM-Signature: header field, d=
and i=. Either might be delivered to a receiving processing module and i=. Either might be delivered to a receiving processing module
that consumes validated payload. The DKIM specification fails to that consumes validated payload. The DKIM specification fails to
clearly define what is "payload" to be delivered to a consuming clearly define what is "payload" to be delivered to a consuming
module, versus what is internal and merely in support of achieving module, versus what is internal and merely in support of achieving
payload delivery. payload delivery.
This currently leaves signers and assessors with the potential for This currently leaves signers and assessors with the potential for
having differing -- and therefore non-interoperable -- having differing -- and therefore non-interoperable --
interpretations of how DKIM operates. interpretations of how DKIM operates.
This update resolves this confusion. It defines new labels for the This update resolves this confusion. It defines new labels for the
two values, clarifies their nature, and specifies and their two values, clarifies their nature, and specifies and their
relationship. relationship.
NOTE: The text provided here updates [RFC4871]. All references and
all appearances of RFC-2119 keywords are replacing text in RFC
4871. Hence those references are in that document and are not
needed here.
2. RFC 4871 Abstract 2. RFC 4871 Abstract
Original Text: Original Text:
The ultimate goal of this framework is to permit a signing domain The ultimate goal of this framework is to permit a signing domain
to assert responsibility for a message, to assert responsibility for a message,
Corrected Text: Corrected Text:
The ultimate goal of this framework is to permit a person, role or The ultimate goal of this framework is to permit a person, role or
organization that owns the signing domain to assert responsibility organization that owns the signing domain to assert responsibility
for a message, for a message,
3. RFC4871 Section 1. Introduction 3. RFC4871 Section 1. Introduction
Original Text: Original Text:
skipping to change at page 5, line 9 skipping to change at page 5, line 14
Original Text: Original Text:
(None. Additional text.) (None. Additional text.)
Corrected Text: Corrected Text:
A single domain name that is the mandatory payload output of DKIM A single domain name that is the mandatory payload output of DKIM
and that refers to the identity claiming responsibility for and that refers to the identity claiming responsibility for
introduction of a message into the mail stream. For DKIM introduction of a message into the mail stream. For DKIM
processing, the name has only basic domain name semantics; any processing, the name has only basic domain name semantics; any
possible owner-specific semantics is outside the scope of DKIM. possible owner-specific semantics are outside the scope of DKIM.
It is specified in section 3.5. It is specified in section 3.5.
7. RFC4871 Section 2.10 Agent or User Identifier (AUID) 7. RFC4871 Section 2.10 Agent or User Identifier (AUID)
Original Text: Original Text:
(None. Additional text.) (None. Additional text.)
Corrected Text: Corrected Text:
A single domain name that identifies the agent or user on behalf A single identifier that refers to the agent or user on behalf of
of whom the SDID has taken responsibility. For DKIM processing, whom the SDID has taken responsibility. The AUID comprises a
the domain name portion of the AUID has only basic domain name domain name and an optional <Local-part>. The domain name is the
semantics; any possible owner-specific semantics is outside the same as that used for the SDID or is a sub-domain of it. For DKIM
scope of DKIM. It is specified in section 3.5. processing, the domain name portion of the AUID has only basic
domain name semantics; any possible owner-specific semantics are
outside the scope of DKIM. It is specified in section 3.5.
8. RFC4871 Section 2.11 Identity Assessor 8. RFC4871 Section 2.11 Identity Assessor
Original Text: Original Text:
(None. Additional text.) (None. Additional text.)
Corrected Text: Corrected Text:
The name of the module that consumes DKIM's mandatory payload, the The name of the module that consumes DKIM's mandatory payload, the
skipping to change at page 7, line 38 skipping to change at page 7, line 42
identity. identity.
INFORMATIVE DISCUSSION: This document does not require the value INFORMATIVE DISCUSSION: This document does not require the value
of the "i=" tag to match the identity in any message header of the "i=" tag to match the identity in any message header
fields. This is considered to be a verifier policy issue. fields. This is considered to be a verifier policy issue.
Constraints between the value of the "i=" tag and other Constraints between the value of the "i=" tag and other
identities in other header fields seek to apply basic identities in other header fields seek to apply basic
authentication into the semantics of trust associated with a authentication into the semantics of trust associated with a
role such as content author. Trust is a broad and complex role such as content author. Trust is a broad and complex
topic and trust mechanisms are subject to highly creative topic and trust mechanisms are subject to highly creative
attacks. The real-world efficacy of any but the most basic attacks. The real-world efficacy of
bindings between the "i=" value and other identities is not bindings between the "i=" value and other identities is not
well established, nor is its vulnerability to subversion by well established, nor is its vulnerability to subversion by
an attacker. Hence reliance on the use of these options an attacker. Hence reliance on the use of these options
should be strictly limited. In particular, it is not at all should be strictly limited. In particular, it is not at all
clear to what extent a typical end-user recipient can rely on clear to what extent a typical end-user recipient can rely on
any assurances that might be made by successful use of the any assurances that might be made by successful use of the
"i=" options. "i=" options.
Corrected Text: Corrected Text:
skipping to change at page 9, line 41 skipping to change at page 9, line 41
of the SDID (d=) domain. If this flag is absent, the domain of of the SDID (d=) domain. If this flag is absent, the domain of
the AUID MUST be the same as, or a subdomain of, the SDID. the AUID MUST be the same as, or a subdomain of, the SDID.
12. RFC4871 Section 3.9 Relationship Between SDID and AUID 12. RFC4871 Section 3.9 Relationship Between SDID and AUID
Original Text: (None. This is an addition.) Original Text: (None. This is an addition.)
Corrected Text: Corrected Text:
DKIM's primary task is to communicate from the Signer to a DKIM's primary task is to communicate from the Signer to a
recipient-side Identity Assessor a single, Signing Domain recipient-side Identity Assessor a single Signing Domain
Identifier (SDID) that refers to a responsible identity. DKIM MAY Identifier (SDID) that refers to a responsible identity. DKIM MAY
optionally provide a single responsible Agent or User Identifier optionally provide a single responsible Agent or User Identifier
(AUID). (AUID).
Hence, DKIM's mandatory delivery to a receive-side Identity Hence, DKIM's mandatory output to a receive-side Identity Assessor
Assessor is a single domain name. Within the scope of its use as is a single domain name. Within the scope of its use as DKIM
DKIM output, the name has only basic domain name semantics; any output, the name has only basic domain name semantics; any
possible owner-specific semantics is outside the scope of DKIM. possible owner-specific semantics are outside the scope of DKIM.
That is, within its role as a DKIM identifier, additional That is, within its role as a DKIM identifier, additional
semantics cannot be assumed by an Identity Assessor. semantics cannot be assumed by an Identity Assessor.
A receive-side DKIM verifier MUST communicate the Signing Domain A receive-side DKIM verifier MUST communicate the Signing Domain
Identifier (d=) to a consuming Identity Assessor module and MAY Identifier (d=) to a consuming Identity Assessor module and MAY
communicate the User Agent Identifier (i=) if present. communicate the User Agent Identifier (i=) if present.
To the extent that a receiver attempts to intuit any structured To the extent that a receiver attempts to intuit any structured
semantics for either of the identifiers, this is a heuristic semantics for either of the identifiers, this is a heuristic
function that is outside the scope of DKIM's specification and function that is outside the scope of DKIM's specification and
skipping to change at page 12, line 5 skipping to change at page 12, line 5
16. Security Considerations 16. Security Considerations
This Update clarifies core details about DKIM's payload. As such it This Update clarifies core details about DKIM's payload. As such it
affects interoperability, semantic characterization, and the affects interoperability, semantic characterization, and the
expectations for the identifiers carried with a DKIM signature. expectations for the identifiers carried with a DKIM signature.
Clarification of these details is likely to limit misinterpretation Clarification of these details is likely to limit misinterpretation
of DKIM's semantics. Since DKIM is fundamentally a security of DKIM's semantics. Since DKIM is fundamentally a security
protocol, this should improve its security characteristics. protocol, this should improve its security characteristics.
17. Normative References 17. IANA Considerations
This document has no actions for IANA.
18. Normative References
[RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, [RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
J., and M. Thomas, "DomainKeys Identified Mail (DKIM) J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
Signatures", RFC 4871, May 2007. Signatures", RFC 4871, May 2007.
Appendix A. Acknowledgements Appendix A. Acknowledgements
This document was initially formulated by an ad hoc design team, This document was initially formulated by an ad hoc design team,
comprising: Jon Callas, J D Falk, Tony Hansen, Murray Kucherawy, John comprising: Jon Callas, D. Crocker, J. D. Falk, Michael Hammer, Tony
Levine, Michael Hammer, Jeff Macdonald, Ellen Siegel, Wietse Venema. Hansen, Murray Kucherawy, John Levine, Jeff Macdonald, Ellen Siegel
It was then submitted to the DKIM working group for revision and and Wietse Venema. The final version of the document was developed
approval. through vigorous discussion in the IETF DKIM working group.
Author's Address Author's Address
D. Crocker (editor) D. Crocker (editor)
Brandenburg InternetWorking Brandenburg InternetWorking
Phone: +1.408.246.8253 Phone: +1.408.246.8253
Email: dcrocker@bbiw.net Email: dcrocker@bbiw.net
 End of changes. 16 change blocks. 
26 lines changed or deleted 37 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/