RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4871, "DomainKeys Identified Mail (DKIM) Signatures", May 2007

Note: This RFC has been obsoleted by RFC 6376

Source of RFC: dkim (sec)

Errata ID: 1382
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Tony Hansen
Date Reported: 2008-03-21
Held for Document Update by: Pasi Eronen

Section 3.6.1 says:

   s=  Service Type (plain-text; OPTIONAL; default is "*").  A colon-
       separated list of service types to which this record applies.
       Verifiers for a given service type MUST ignore this record if the
       appropriate type is not listed.  Currently defined service types
       are as follows:

       *   matches all service types

       email   electronic mail (not necessarily limited to SMTP)

       This tag is intended to constrain the use of keys for other
       purposes, should use of DKIM be defined by other services in the
       future.

It should say:

   s=  Service Type (plain-text; OPTIONAL; default is "*").  A colon-
       separated list of service types to which this record applies.
       Verifiers for a given service type MUST ignore this record if the
       appropriate type is not listed.  Currently defined service types
       are as follows:

       *   matches all service types

       email   electronic mail (not necessarily limited to SMTP)

       Unrecognized service types MUST be ignored.

       This tag is intended to constrain the use of keys for other
       purposes, should use of DKIM be defined by other services in the
       future.

Notes:

From the October 2008 interop event:

DNS Key Interoperability Issues: “s=” in key records

* §3.6.1 doesn't say what to do if one of the colon-separated words is a word not enumerated in the “currently defined service types”
s=foo:email:bar
* No explicit guidance about what to do with clearly bogus values, e.g.
s=*:email
* Consensus is to ignore any colon-separated value not recognized and only pay attention to “*” and “email” for DKIM e-mail implementations

Report New Errata