RFC Errata
RFC 4871, "DomainKeys Identified Mail (DKIM) Signatures", May 2007
Note: This RFC has been obsoleted by RFC 6376
Note: This RFC has been updated by RFC 5672
Source of RFC: dkim (sec)
Errata ID: 1382
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Tony Hansen
Date Reported: 2008-03-21
Held for Document Update by: Pasi Eronen
Section 3.6.1 says:
s= Service Type (plain-text; OPTIONAL; default is "*"). A colon- separated list of service types to which this record applies. Verifiers for a given service type MUST ignore this record if the appropriate type is not listed. Currently defined service types are as follows: * matches all service types email electronic mail (not necessarily limited to SMTP) This tag is intended to constrain the use of keys for other purposes, should use of DKIM be defined by other services in the future.
It should say:
s= Service Type (plain-text; OPTIONAL; default is "*"). A colon- separated list of service types to which this record applies. Verifiers for a given service type MUST ignore this record if the appropriate type is not listed. Currently defined service types are as follows: * matches all service types email electronic mail (not necessarily limited to SMTP) Unrecognized service types MUST be ignored. This tag is intended to constrain the use of keys for other purposes, should use of DKIM be defined by other services in the future.
Notes:
From the October 2008 interop event:
DNS Key Interoperability Issues: “s=” in key records
* §3.6.1 doesn't say what to do if one of the colon-separated words is a word not enumerated in the “currently defined service types”
s=foo:email:bar
* No explicit guidance about what to do with clearly bogus values, e.g.
s=*:email
* Consensus is to ignore any colon-separated value not recognized and only pay attention to “*” and “email” for DKIM e-mail implementations