A new cryptographic signature method for DKIM
draft-ietf-dcrup-dkim-crypto-12

The information below is for an old version of the document.

This is an older version of an Internet-Draft that was ultimately published as RFC 8463.

Author: John R. Levine
Last updated: 2018-06-12 (Latest revision 2018-06-06)
Replaces: draft-levine-dcrup-dkim-crypto
RFC stream: Internet Engineering Task Force (IETF)
WG state: Submitted to IESG for Publication
Document shepherd: Jim Fenton
Shepherd write-up last changed: 2018-05-22
IESG state: Became RFC 8463 (Proposed Standard)
Consensus boilerplate: Yes
Responsible AD: Alexey Melnikov
IANA review state: IANA OK - Actions Needed
Appendix A.  Example of a signed message

   This is a small message with both rsa-sha256 and ed25519-sha256 DKIM
   signatures.  The signatures are independent of each other, so either
   signature would be valid if the other were not present.

Levine                  Expires December 8, 2018                [Page 5]
Internet-Draft             DKIM Crypto Update                  June 2018

A.1.  Secret keys

   Ed25519 secret key in base64.

   fL+5V9EquCZAovKik3pA6Lk9zwCzoEtjIuIqK9ZXHHA=

   RSA secret key in PEM format.

   -----BEGIN RSA PRIVATE KEY-----
   MIICXQIBAAKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQi
   Y/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqM
   KrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQAB
   AoGAH0cxOhFZDgzXWhDhnAJDw5s4roOXN4OhjiXa8W7Y3rhX3FJqmJSPuC8N9vQm
   6SVbaLAE4SG5mLMueHlh4KXffEpuLEiNp9Ss3O4YfLiQpbRqE7Tm5SxKjvvQoZZe
   zHorimOaChRL2it47iuWxzxSiRMv4c+j70GiWdxXnxe4UoECQQDzJB/0U58W7RZy
   6enGVj2kWF732CoWFZWzi1FicudrBFoy63QwcowpoCazKtvZGMNlPWnC7x/6o8Gc
   uSe0ga2xAkEA8C7PipPm1/1fTRQvj1o/dDmZp243044ZNyxjg+/OPN0oWCbXIGxy
   WvmZbXriOWoSALJTjExEgraHEgnXssuk7QJBALl5ICsYMu6hMxO73gnfNayNgPxd
   WFV6Z7ULnKyV7HSVYF0hgYOHjeYe9gaMtiJYoo0zGN+L3AAtNP9huqkWlzECQE1a
   licIeVlo1e+qJ6Mgqr0Q7Aa7falZ448ccbSFYEPD6oFxiOl9Y9se9iYHZKKfIcst
   o7DUw1/hz2Ck4N5JrgUCQQCyKveNvjzkkd8HjYs0SwM0fPjK16//5qDZ2UiDGnOe
   uEzxBDAr518Z8VFbR41in3W4Y3yCDgQlLlcETrS+zYcL
   -----END RSA PRIVATE KEY-----

A.2.  Public key DNS records

brisbane._domainkey.football.example.com. IN TXT (
 "v=DKIM1; k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y=")

test._domainkey.football.example.com. IN TXT (
 "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWR"
 "iGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutAC"
 "DfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3"
 "Ip3G+2kryOTIKT+l/K4w3QIDAQAB")

A.3.  Signed Message

   The text in each line of the message starts at the first position,
   except for the continuation lines of the DKIM-Signature headers, which
   start with a single space.


   DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple;
    d=football.example.com; i=@football.example.com;
    q=dns/txt; s=brisbane; t=1518460054; h=from : to :
    subject : date : message-id : from : subject : date;
    bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
    b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB
    o0wBLR++X5LqmsxXaOYLLJe46l10AQ==
   DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
    d=football.example.com; i=@football.example.com;
    q=dns/txt; s=test; t=1527915362; h=from : to : subject :
    date : message-id : from : subject : date;
    bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
    b=icKcLSEZYXJ95flvWE8FT6hl5iqd8MC/LEKYH0QjsqYy6MO/4pgVNCZH
    l/RAXAuADxE/40Fg7uTlxwwD1hjN2Ple6J//cJfslBdDOq6zTVbne1dqtl
    NOat7iamJ1AfRqyG+ja7a2AZsrpUuJ7VA6O+0zRYPqpwMEkEFIzI9i/Xk=
   From: Joe SixPack <joe@football.example.com>
   To: Suzie Q <suzie@shopping.example.net>
   Subject: Is dinner ready?
   Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
   Message-ID: <20030712040037.46341.5F8J@football.example.com>

   Hi.

   We lost the game.  Are you hungry yet?

   Joe.
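   An added example (not part of the draft) of what a verifier does with
   the ed25519-sha256 signature above: parse the tags, apply simple
   canonicalization to the body and to the h= header list, then check the
   Ed25519 signature over the SHA-256 digest of the canonicalized data, as
   this draft specifies.  It is Python and assumes the `cryptography`
   package for the Ed25519 step; the constants are copied from this
   appendix.

```python
import base64, hashlib, re

# Constructed from the appendix above (wire form, CRLF line endings).
DNS_TXT = "v=DKIM1; k=ed25519; p=yi50DjK5O9pqbFpNHklsv9lqaS0ArSYu02qp1S0DW1Y="
HEADERS = [  # (name, raw value) in message order
    ("DKIM-Signature", " v=1; a=ed25519-sha256; c=simple/simple;\r\n"
     " d=football.example.com; i=@football.example.com;\r\n"
     " q=dns/txt; s=brisbane; t=1518460054; h=from : to :\r\n"
     " subject : date : message-id : from : subject : date;\r\n"
     " bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;\r\n"
     " b=9/dsDChY0YMTtD5Eyw3wx7x22BlSJP7M5ECbJ7GWrR45nXlTCGb8l0YB\r\n"
     " o0wBLR++X5LqmsxXaOYLLJe46l10AQ=="),
    ("From", " Joe SixPack <joe@football.example.com>"), ("To", " Suzie Q <suzie@shopping.example.net>"),
    ("Subject", " Is dinner ready?"), ("Date", " Fri, 11 Jul 2003 21:00:37 -0700 (PDT)"),
    ("Message-ID", " <20030712040037.46341.5F8J@football.example.com>")]
BODY = b"Hi.\r\n\r\nWe lost the game.  Are you hungry yet?\r\n\r\nJoe.\r\n"

def parse_tags(value):  # tag=value list -> dict; folding whitespace inside values is dropped
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in (t.split("=", 1) for t in value.split(";") if "=" in t)}
def canon_body_simple(body):  # RFC 6376 'simple': drop empty tail lines, end in exactly one CRLF
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"
def select_headers(headers, h_tag):
    """Apply h=: each name consumes the last unused header of that name, and a
    name with none left is skipped; listing From twice thus pins the From count."""
    pool, chosen = list(headers), []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        hit = next((h for h in reversed(pool) if h[0].lower() == name), None)
        if hit:
            pool.remove(hit)
            chosen.append(hit)
    return chosen
def signed_data(headers, sig_value):  # simple header canonicalization; b= emptied, no final CRLF
    out = "".join(f"{n}:{v}\r\n" for n, v in select_headers(headers, parse_tags(sig_value)["h"]))
    return (out + "DKIM-Signature:" + re.sub(r"(^|;)(\s*b=)[^;]*", r"\1\2", sig_value)).encode()
def verify_ed25519(headers, sig_value, body, dns_txt):
    """bh= check, then b=; per this draft Ed25519 signs the SHA-256 digest, not the data."""
    from cryptography.exceptions import InvalidSignature  # local: only this step needs the package
    from cryptography.hazmat.primitives.asymmetric import ed25519
    tags = parse_tags(sig_value)
    if hashlib.sha256(canon_body_simple(body)).digest() != base64.b64decode(tags["bh"]):
        return False
    key = ed25519.Ed25519PublicKey.from_public_bytes(base64.b64decode(parse_tags(dns_txt)["p"]))
    try:
        key.verify(base64.b64decode(tags["b"]), hashlib.sha256(signed_data(headers, sig_value)).digest())
        return True
    except InvalidSignature:
        return False
```

   Calling verify_ed25519(HEADERS, HEADERS[0][1], BODY, DNS_TXT) runs the
   full check against this appendix's vectors; the rsa-sha256 signature is
   not covered.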

Appendix B.  Change log

   11 to 12  Made example less wrong.

   10 to 11  New example with both signatures, minor nits.

   09 to 10  Improve abstract, minor nits.

   08 to 09  Specify sha-256 for the extremely literal minded.  Take out
      the prehash stuff.  Add example.

   07 to 08  Specify base64 key records.  Style edits per Dave C.

   06 to 07:  Remove RSA fingerprints.  Change Pure to hashed eddsa.

   05 to 06:  Editorial changes only.

   04 to 05:  Remove deprecation cruft and inconsistent key advice.  Fix
      p= and k= text.


   03 to 04:  Change eddsa to ed25519.  Add Martin's key regeneration
      issue.  Remove hashed ed25519 keys.  Fix typos and clarify text.
      Move syntax updates to separate section.  Take out SHA-1 stuff.

   01 to 02:  Clarify EdDSA algorithm is ed25519 with Pure version of
      the signing.  Make references to tags and fields consistent.

Author's Address

   John Levine
   Taughannock Networks
   PO Box 727
   Trumansburg, NY  14886

   Phone: +883.5100.01196712
   Email: standards@taugh.com
