DKIM                                                     D. Crocker, Ed.
Internet-Draft                               Brandenburg InternetWorking
Intended status: Standards Track                        January 25,                        February 2, 2009
Expires: July 29, August 6, 2009

    RFC 4871 DomainKeys Identified Mail (DKIM) Signatures -- Errata
                   draft-ietf-dkim-rfc4871-errata-00
                   draft-ietf-dkim-rfc4871-errata-01

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on July 29, August 6, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   This documents and resolves errata for RFC 4871, DomainKeys
   Identified Mail (DKIM) Signatures.  Specifically the document
   clarifies the nature, roles and relationship of the two DKIM
   identifier tag values that are candidates for payload delivery to a
   receiving processing module.

Errata Contact Fields

   Name:   Dave Crocker

   Email:   dcrocker@bbiw.net

Type

   Technical

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Section 2.7 Identity Assessor  RFC 4871 Abstract . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  RFC4871 Section 2.8 Signing Domain Identifier (SDID) 1. Introduction . . . . . . . . . . . . . . . . 3
   4.  RFC4871 Section 2.9 User Agent Identifier (UAID) 2.7 Identity  . . . . . . . . . . . . . . . . . 4
   5.  RFC4871 Section 3.9 Relationship Between SDID and UAID 2.8 Identifier  . . . . . . . . . . . . . . . . 4
   6.  RFC4871 Section 3.5 The DKIM-Signature Header Field 2.9 Signing Domain Identifier (SDID)  . . . . . 4
   7.  RFC4871 Section 2.10 User Agent Identifier (UAID) . . . . . . . 4
   8.  RFC4871 Section 2.11 Identity Assessor  . . . . . . . . . . . . 5
   7.
   9.  RFC4871 Section 3.9 Relationship Between SDID and UAID  . . . . 5
   10. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . . 6
   11. RFC4871 Section 3.5 The DKIM-Signature Header Field . . . . . . 5
   8. 6
   12. RFC4871 Section 3.8.  Signing by Parent Domains . . . . . . . . . . . . 5
   9. 6
   13. RFC4871 Section 6.3.  Interpret Results/Apply Local Policy  . . . . . . 6
   10. 7
   14. RFC4871 Section 6.3.  Interpret Results/Apply Local Policy  . . . . . . 6
   11. 7
   15. RFC4871 Appendix D.  MUA Considerations . . . . . . . . . . . . . . . . 7
   12. 8
   16. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
   13. 8
   17. Normative References  . . . . . . . . . . . . . . . . . . . . . 7 8
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . . . 7 8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 7 8

1.  Introduction

   About the purpose for DKIM, [RFC4871] states:

      The ultimate goal of this framework is to permit a signing domain
      to assert responsibility for a message, thus protecting message
      signer identity...

   Hence, DKIM has a signer, signer that produces a validator and signed message, a consumer of verifier
   that confirms the signature and an assessor that consumes the
   validated signing domain.  In effect, so the simple purpose of DKIM is to
   communicate
   that "responsible" domain name an identifier to a receive-side consuming assessor module.  The
   identifier is in the form of a domain name that refers to a
   responsible identity.  For DKIM to be interoperable and useful,
   signer and consumer assessor must share the same understanding of the details
   about the name. identifier.

   However the specification defines two, potentially different
   identifiers that are carried in the DKIM-Signature: header field and
   might be delivered to a receiving processing module that consumes
   validated payload.  The DKIM specification fails to clearly define
   what is "payload" to be delivered to a consuming module, versus what
   is internal and merely in support of achieving payload delivery.

   This currently leaves signers and consumers assessors with the potential for
   having differing -- and therefore non-interoperable --
   interpretations of how DKIM operates.

   This erratum resolves this confusion.  It defines new labels for the
   two values, clarifies their nature, and specifies and their
   relationship.

2.  RFC 4871 Abstract

   Original Text:   The ultimate goal of this framework is to permit a
      signing domain to assert responsibility

   Corrected Text:   The ultimate goal of this framework is to permit a
      person, role or organization that owns the signing domain to
      assert responsibility

3.  RFC4871 Section 1. Introduction
   Original Text:   permitting a signing domain to claim responsibility

   Corrected Text:   permitting a person, role or organization that owns
      the signing domain to claim responsibility

4.  RFC4871 Section 2.7 Identity Assessor

   A person, role or organization.

   Original Text:   (None.  Additional text.)

   Corrected Text:   The name of the module which consumes DKIM's
      primary payload, the responsible Signing Domain Identifier (SDID).
      It can optionally consume the User Agent   A person, role or organization.

5.  RFC4871 Section 2.8 Identifier (UAID) value,
      if provided

   Original Text:   (None.  Additional text.)

   Corrected Text:   A label that refers to the module.  Details of this module are outside the
      scope of the DKIM specification.

3. an identity.

6.  RFC4871 Section 2.8 2.9 Signing Domain Identifier (SDID)

   Original Text:   (None.  Additional text.)

   Corrected Text:   A single, opaque value that is the mandatory
      payload output of DKIM and which that refers to the identity claiming
      responsibility for the introduction of a message into the mail
      stream.

4.  Within the scope of the DKIM Signing specification, the
      conventions and semantics used by a signer to create and use a
      specific SDID are outside the scope of the DKIM Signing
      specification, as is any use of those conventions and semantics.

7.  RFC4871 Section 2.9 2.10 User Agent Identifier (UAID)

   Original Text:   (None.  Additional text.)

   Corrected Text:   A single, opaque value that is the optional,
      additional payload output of DKIM and which that identifies the user or
      agent on behalf of whom the SDID has taken responsibility.

5.  The
      conventions and semantics used by a signer to create and use a
      specific UAID are outside the scope of the DKIM Signing
      specification, as is any use of those conventions and semantics.

8.  RFC4871 Section 2.11 Identity Assessor

   Original Text:   (None.  Additional text.)

   Corrected Text:   The name of the module that consumes DKIM's primary
      payload, the responsible Signing Domain Identifier (SDID).  It can
      optionally consume the User Agent Identifier (UAID) value, if
      provided to the module.  The conventions and semantics used by a
      signer to create and use a specific SDID or UAID are outside the
      scope of the DKIM Signing specification, as is any use of those
      conventions and semantics.

9.  RFC4871 Section 3.9 Relationship Between SDID and UAID

   Original Text:   (None.  This is an addition.)

   Corrected Text:   DKIM's primary task is to communicate from the
      Signer to a recipient-side Identity Assessor a single, responsible Signing
      Domain Identifier (SDID). (SDID) that identifies a responsible identity.
      The SDID MUST be the value of the d= tag.  DKIM MAY optionally
      provide a single responsible User Agent Identifier (UAID); if the
      UAID is present, it MUST be the value of the i= tag.

      The SDID MUST correspond to a valid DNS name under which the DKIM
      key record is published.

      The UAID is specified as having the same syntax as an email
      address, but is not required to have the same semantics.  Notably,
      the domain name is not required to be registered in the DNS -- so
      it might not resolve in a query -- and the Local-part MAY be drawn
      from a namespace that does not contain the user's mailbox.  The
      details of the structure and semantics for the namespace are
      determined by -- and known only to -- the Signer.  Any knowledge or use of those details
      by verifiers or assessors is outside the scope of the DKIM Signing
      specification.  The Signer MAY choose to use the same namespace
      for its UAIDs as its users' email addresses, or MAY choose other
      means of representing its users.  However, the signer SHOULD use
      the same UAID for each message intended to be evaluated as being
      within the same sphere of responsibility, if it wishes to offer
      receivers the option of using the UAID as a finer grained, stable
      identifier than the SDID.

      Hence, DKIM delivers to receive-side Identity Assessors
      responsible Identifiers that are individual, opaque values.  Their
      sub-structures and particular semantics are not publicly defined
      and, therefore, cannot be assumed by an Identity Assessor.

      A receive-side DKIM validator verifier MUST communicate the Signing Domain
      Identifier (d=) to a consuming Identity Assessor module and MAY
      communicate the User Agent Identifier (i=) if present.

      To the extent that a receiver chooses to attempt attempts to interpret intuit any structured
      semantics for either of the identifiers, this is a heuristic
      function that is outside the scope of DKIM's specification and
      semantics.  Hence it is relegated to a higher-
      level higher-level service, such
      as a delivery handling filter that integrates a variety of inputs
      and performs heuristic analysis of them.

6.

10.  RFC4871 Section 3.5 The DKIM-Signature Header Field

   Original Text:   d= The domain of the signing entity.

   Corrected Text:   d= Specifies the SDID claiming responsibility for
      the
      an introduction of a message into the mail stream.

7.

11.  RFC4871 Section 3.5 The DKIM-Signature Header Field

   Original Text:   i= Identity of the user or agent (e.g., a mailing
      list manager) on behalf of which this message is signed

   Corrected Text:   i= The responsible User Agent Identifier (UAID) on
      behalf of which the SDID is taking responsibility.

8.

12.  RFC4871 Section 3.8.  Signing by Parent Domains

   the section where the error appears

   Original Text:   e.g., a key record for the domain example.com can be
      used to verify messages where the signing identity ("i=" tag of
      the signature) is sub.example.com, or even sub1.sub2.example.com.
      In order to limit the capability of such keys when this is not
      intended, the "s" flag may be set in the "t=" tag of the key
      record to constrain the validity of the record to exactly the
      domain of the signing identity.  If the referenced key record
      contains the "s" flag as part of the "t=" tag, the domain of the
      signing identity ("i=" flag) MUST be the same as that of the d=
      domain.  If this flag is absent, the domain of the signing
      identity MUST be the same as, or a subdomain of, the d=
   Corrected Text:   For example, a key record for the domain
      example.com can be used to verify messages where the UAID ("i="
      tag of the signature) is sub.example.com, or even
      sub1.sub2.example.com.  In order to limit the capability of such
      keys when this is not intended, the "s" flag MAY be set in the
      "t=" tag of the key record, to constrain the validity of the
      domain of the UAID.  If the referenced key record contains the "s"
      flag as part of the "t=" tag, the domain of the UAID ("i=" flag)
      MUST be the same as that of the SDID (d=) domain.  If this flag is
      absent, the domain of the UAID MUST be the same as, or a subdomain
      of, the SDID.

9.

13.  RFC4871 Section 6.3.  Interpret Results/Apply Local Policy

   Original Text:   It is beyond the scope of this specification to
      describe what actions a verifier system should make, but an
      authenticated email presents an opportunity to a receiving system
      that unauthenticated email cannot.  Specifically, an authenticated
      email creates a predictable identifier by which other decisions
      can reliably be managed, such as trust and reputation.

   Corrected Text:   It is beyond the scope of this specification to
      describe what actions an Identity Assessor can make, but mail
      carrying a validated SDID presents an opportunity to an Identity
      Assessor that unauthenticated email does not Specifically, an
      authenticated email creates a predictable identifier by which
      other decisions can reliably be managed, such as trust and
      reputation.

10.

14.  RFC4871 Section 6.3.  Interpret Results/Apply Local Policy

   Original Text:   Once the signature has been verified, that
      information MUST be conveyed to higher-level systems (such as
      explicit allow/whitelists and reputation systems) and/or to the
      end user.  If the message is signed on behalf of any address other
      than that in the From: header field, the mail system SHOULD take
      pains to ensure that the actual signing identity is clear to the
      reader.

   Corrected Text:   Once the signature has been verified, that
      information MUST be conveyed to the Identity Assessor (such as an
      explicit allow/whitelist and reputation system) and/or to the end
      user.  If the UAID SDID is not the same as the address in the From:
      header field, the mail system SHOULD take pains to ensure that the
      actual UAID SDID is clear to the reader.

11.

15.  RFC4871 Appendix D.  MUA Considerations

   Original Text:   The tendency is to have the MUA highlight the
      address associated with this signing identity in some way, in an
      attempt to show the user the address from which the mail was sent.

   Corrected Text:   The tendency is to have the MUA highlight the UAID, SDID,
      in an attempt to show the user the identity that is claiming
      responsibility for the message.

12.

16.  Security Considerations

   This Errata document clarifies core details about DKIM's payload.  As
   such it affects interoperability, semantic characterization, and the
   expectations for the identifiers carried with a DKIM signature.
   Clarification of these details is likely to limit misinterpretation
   of DKIM's semantics.  Since DKIM is fundamentally a security
   protocol, this should improve its security characteristics.

13.

17.  Normative References

   [RFC4871]  Sendmail, Inc., PGP Corporation, Yahoo! Inc, Yahoo! Inc,
              Cisco Systems, Inc., and Cisco Systems, Inc.,  Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
              J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
              Signatures", RFC 4871, May 2007.

Appendix A.  Acknowledgements

   This document was initially formulated by an ad hoc design team,
   comprising: Jon Callas, J D Falk, Jim Fenton, Tony Hansen, Murray
   Kucherawy, John Levine, Michael Hammer, Jeff Macdonald, Ellen Siegel,
   Wietse Venema.  It represents a rough consensus of that effort,
   although the final wording of the submitted draft is the sole
   responsibility (d=) of the listed author.

Author's Address

   D. Crocker (editor)
   Brandenburg InternetWorking

   Phone: +1.408.246.8253
   Email: dcrocker@bbiw.net