Thank you for taking the time to answer my questions - most appreciated.

Your answer has addressed questions 1 and 2 for me. I'm still unclear on 
certain aspects of question 3, though:

On 11 Mar 2024 at 8:54, Murray S. Kucherawy wrote:

> The signature is the result of base64-encoding the RSA encryption of
> the data-hash. 
> 
> The data-hash is the result of passing the canonicalized headers, in
> order, to the SHA algorithm.  The canonicalized headers include, at
> the end, the incomplete DKIM-Signature field that's under
> construction.  You then append the base64-encoded form of that
> signature to the incomplete DKIM-Signature field and attach it to the
> message. 

The pseudocode for "sig-alg" says:

    signature    =  sig-alg (d-domain, selector, data-hash)

I took this as meaning that the d-domain and selector strings need to be 
passed to something before the data-hash; the problem was what that 
"something" was - I had been assuming that it was a third hash that was then 
signed, yet the rest of the section says (in more than one place) that only two 
hashes are required.

Having read through your response, which describes the process as I was 
originally expecting to follow it, I now wonder if this is another case of the 
pseudocode having confused me as it did in question (1)... Are we perhaps 
intended to read "d-domain" and "selector" as parameters that are used to 
choose the appropriate signing key, rather than as input to the signed data 
itself?

Again, my thanks for your help.

Cheers!

-- David --

------------------ David Harris -+- Pegasus Mail ----------------------
Box 5451, Dunedin, New Zealand | e-mail: david.har...@pmail.gen.nz
              Phone: Number provided on request only.

Sign seen in a Vienna hotel:
   "In case of fire, do your utmost to alarm the hotel porter."



_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
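The reading discussed in this thread (d-domain and selector choose the signing key rather than being hashed as separate inputs; the data-hash covers the canonicalized headers with the unfinished DKIM-Signature field last; the signature is the base64 of an RSA signature over that hash), shown as an added worked example that is not part of the original list message nor any real DKIM implementation. The message headers, body, domain `example.com`, selector `sel2024`, the `KEYSTORE` dictionary standing in for DNS, and the tiny stdlib-only RSA key generator are all constructed for the example; a production signer would use a proper cryptographic library instead of the toy RSA code.

```python
import base64
import hashlib
import math
import random
import re

# Constructed sample message (not from the thread). The Subject is folded and
# has extra whitespace to exercise relaxed header canonicalization.
HEADERS = [
    ("From", " David <david@example.com>"),
    ("To", "ietf-dkim@example.org"),
    ("Subject", "DKIM   pseudocode\r\n  question"),
]
BODY = "Hello,\r\n\r\nWhere do d= and s= go?\r\n\r\n\r\n"
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def relaxed_header(name, value):
    """RFC 6376 'relaxed' header canonicalization: lowercase the field name,
    unfold, collapse runs of WSP to one space, strip leading/trailing WSP."""
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"


def simple_body(body):
    """RFC 6376 'simple' body canonicalization: drop empty trailing lines and
    end the body with exactly one CRLF."""
    while body.endswith("\r\n"):
        body = body[:-2]
    return body + "\r\n"


def _is_probable_prime(n, rng, rounds=16):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_rsa_key(bits, seed):
    """Toy deterministic RSA keypair (constructed for the example only)."""
    rng = random.Random(seed)

    def gen_prime():
        while True:
            cand = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _is_probable_prime(cand, rng):
                return cand

    while True:
        p, q = gen_prime(), gen_prime()
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def emsa_pkcs1_v15(digest, k):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest for a k-byte modulus."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(digest, key):
    k = (key["n"].bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(digest, k), "big")
    return pow(m, key["d"], key["n"]).to_bytes(k, "big")


def rsa_verify(digest, sig, key):
    k = (key["n"].bit_length() + 7) // 8
    if len(sig) != k:
        return False
    m = pow(int.from_bytes(sig, "big"), key["e"], key["n"]).to_bytes(k, "big")
    return m == emsa_pkcs1_v15(digest, k)


def body_hash(body):
    return base64.b64encode(hashlib.sha256(simple_body(body).encode()).digest()).decode()


def select_headers(headers, names):
    """Pick the signed header fields in h= order (first occurrence of each)."""
    out = []
    for wanted in names:
        for name, value in headers:
            if name.lower() == wanted.lower():
                out.append((name, value))
                break
    return out


def data_hash(headers, dkim_value_unsigned):
    """SHA-256 over the canonicalized signed headers, ending with the
    DKIM-Signature field itself (b= empty) without its trailing CRLF."""
    h = hashlib.sha256()
    for name, value in headers:
        h.update(relaxed_header(name, value).encode())
    h.update(relaxed_header("DKIM-Signature", dkim_value_unsigned)[:-2].encode())
    return h.digest()


def sign_message(headers, body, domain, selector, keystore):
    """Return the finished DKIM-Signature value. d= and s= select the private
    key; they are covered by the hash only as text of the header field."""
    names = [name for name, _ in headers]
    unsigned = (f"v=1; a=rsa-sha256; c=relaxed/simple; d={domain}; s={selector}; "
                f"h={':'.join(names)}; bh={body_hash(body)}; b=")
    key = keystore[(domain, selector)]            # key lookup, not hash input
    sig = rsa_sign(data_hash(select_headers(headers, names), unsigned), key)
    return unsigned + base64.b64encode(sig).decode()


def verify_message(headers, body, dkim_value, keystore):
    tags = dict(t.strip().split("=", 1) for t in dkim_value.split(";") if t.strip())
    if tags.get("bh") != body_hash(body):
        return False
    key = keystore.get((tags.get("d"), tags.get("s")))   # public key by d= and s=
    if key is None:
        return False
    unsigned = dkim_value[: dkim_value.rfind("; b=") + len("; b=")]
    signed = select_headers(headers, tags["h"].split(":"))
    return rsa_verify(data_hash(signed, unsigned), base64.b64decode(tags["b"]), key)


KEYSTORE = {("example.com", "sel2024"): make_rsa_key(1024, seed=7)}   # constructed "DNS"

if __name__ == "__main__":
    value = sign_message(HEADERS, BODY, "example.com", "sel2024", KEYSTORE)
    print("DKIM-Signature:", value[:70] + "...")
    print("verifies:", verify_message(HEADERS, BODY, value, KEYSTORE))
```

The verifier recomputes the body hash, looks the public key up by the `d=` and `s=` tags, rebuilds the header field with an empty `b=`, and checks the RSA signature over the recomputed data-hash; changing a signed header, the body, or using a (domain, selector) pair with no published key all fail verification.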
