Re: [ietf-dkim] Escaping things in key/ADSP records

Fri, 31 Jul 2009 11:04:01 -0700 

Tony,

If you still have the records, can you count the number of records with
g=; ?  That's used in an example in some of the DomainKey specs and
works for DK but means "match nothing" for DKIM.

-Jim

Tony Hansen wrote:
> Mark Martinec wrote:
>  > John Levine wrote:
>  >> It is certainly the kind of bug that occurs in PHP scripts when the
>  >> programmer doesn't perfectly understand the quoting rules.  It's
>  >> happened to me.
>  >
>  > I'm collecting a set of common mistakes breaking DKIM signatures.
>
> Pulling up a message from a while ago. Mark, did you ever get further 
> with your set of common mistakes?
>
> I had occasion to look at a number of DNS key records, and find the 
> following common mistakes:
>
> Sample size: 65456 DNS _domainkey (DKIM+DK) records
>
> 16    missing semi-colons between fields
> 1     missing any separators (k=rsap=....)
> 14    invalid quotation marks (") surrounding the entire record
> 2     invalid \" surrounding the entire record
> 5     invalid parens or paren+quotes surrounding the entire record
> 47    \-quoted characters, particularly \;
> 9     TTL value or other random DNS data showing up in the record
> 1     TTL value being in the record instead of the public key
> 17    random characters in the record, e.g. {, CRLF, backspace, SUB, >
> 113   SPF records being returned
> 13    key only, no p= or any other options
> 1     encoded ; as %3B
> 1     missing tag before =
> 8     other data in record (dkim=all, O=-, r=, &, ")
> 1     v=DKIM1 not first field in record
> 50    other random errors
> ---
> 299
>
> I was not able to verify if any of the keys that had spaces within them 
> were actually valid keys or not.
>
> The good news is that of the sample, the majority of the records were 
> just fine.
>
> I'm wondering if there is a need for a web interface at dkim.org that 
> would validate someone's _domainkey TXT record.
>
> Thoughts?
>
>       Tony Hansen
>       [email protected]
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html
>
>   
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

Reply via email to