Domainkeys Identified Mail (DKIM) Signatures

Domainkeys Identified Mail (DKIM) Signatures

Network Working Group E. Allman Request for Comments: 4871 Sendmail, Inc. Obsoletes: 4870 J. Callas Category: Standards Track PGP Corporation M. Delany M. Libbey Yahoo! Inc J. Fenton M. Thomas Cisco Systems, Inc. May 2007 DomainKeys Identified Mail (DKIM) Signatures Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the “Internet Official Protocol Standards” (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright © The IETF Trust (2007). All Rights Reserved. Abstract DomainKeys Identified Mail (DKIM) defines a domain-level authentication framework for email using public-key cryptography and key server technology to permit verification of the source and contents of messages by either Mail Transfer Agents (MTAs) or Mail User Agents (MUAs). The ultimate goal of this framework is to permit a signing domain to assert responsibility for a message, thus protecting message signer identity and the integrity of the messages they convey while retaining the functionality of Internet email as it is known today. Protection of email identity may assist in the global control of "spam" and "phishing". Allman, et al. Standards Track [Page 1] RFC 4871 DKIM Signatures May 2007 Table of Contents 1 Introduction..............................................................................................................................................5 1.1 Signing Identity.................................................................................................................................... 5 1.2 Scalability..............................................................................................................................................5 1.3 Simple Key Management..................................................................................................................... 6 2 Terminology and Definitions..................................................................................................................7 2.1 Signers...................................................................................................................................................7 2.2 Verifiers................................................................................................................................................ 7 2.3 Whitespace............................................................................................................................................ 7 2.4 Common ABNF Tokens.......................................................................................................................7 2.5 Imported ABNF Tokens.......................................................................................................................8 2.6 DKIM-Quoted-Printable....................................................................................................................... 8 3 Protocol Elements.................................................................................................................................. 10 3.1 Selectors..............................................................................................................................................10 3.2 Tag=Value Lists................................................................................................................................. 11 3.3 Signing and Verification Algorithms................................................................................................. 12 3.4 Canonicalization..................................................................................................................................13 3.5 The DKIM-Signature Header Field................................................................................................... 16 3.6 Key Management and Representation................................................................................................21 3.7 Computing the Message Hashes........................................................................................................ 24 3.8 Signing by Parent Domains................................................................................................................26 4 Semantics of Multiple Signatures........................................................................................................ 27 4.1 Example Scenarios..............................................................................................................................27 4.2 Interpretation.......................................................................................................................................27 5 Signer Actions........................................................................................................................................ 29 5.1 Determine Whether the Email Should Be Signed and by Whom......................................................29 5.2 Select a Private Key and Corresponding Selector Information......................................................... 29 5.3 Normalize the Message to Prevent Transport Conversions...............................................................29 5.4 Determine the Header Fields to Sign.................................................................................................30 5.5 Recommended Signature Content...................................................................................................... 31 5.6 Compute the Message Hash and Signature........................................................................................32 5.7 Insert the DKIM-Signature Header Field...........................................................................................32 6 Verifier Actions......................................................................................................................................34 6.1 Extract Signatures from the Message................................................................................................ 34 6.2 Communicate Verification Results.....................................................................................................38 6.3 Interpret Results/Apply Local Policy.................................................................................................38 Allman, et al. Standards Track [Page 2] RFC 4871 DKIM Signatures May 2007 7 IANA Considerations............................................................................................................................ 40 7.1 DKIM-Signature Tag Specifications..................................................................................................40 7.2 DKIM-Signature Query Method Registry..........................................................................................40 7.3 DKIM-Signature Canonicalization Registry...................................................................................... 40 7.4 _domainkey DNS TXT Record Tag Specifications...........................................................................41 7.5 DKIM Key Type Registry..................................................................................................................41 7.6 DKIM Hash Algorithms Registry...................................................................................................... 42 7.7 DKIM Service Types Registry...........................................................................................................42 7.8 DKIM Selector Flags Registry...........................................................................................................42 7.9 DKIM-Signature Header Field...........................................................................................................42 8 Security Considerations........................................................................................................................ 43 8.1 Misuse of Body Length Limits ("l=" Tag)........................................................................................ 43 8.2 Misappropriated Private Key..............................................................................................................43 8.3 Key Server Denial-of-Service Attacks...............................................................................................44 8.4 Attacks Against the DNS................................................................................................................... 44 8.5 Replay Attacks....................................................................................................................................44 8.6 Limits on Revoking Keys.................................................................................................................. 45 8.7 Intentionally Malformed Key Records...............................................................................................45 8.8 Intentionally Malformed DKIM-Signature Header Fields.................................................................45 8.9 Information Leakage...........................................................................................................................45 8.10 Remote Timing Attacks....................................................................................................................45 8.11 Reordered Header Fields.................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    60 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us