> Section 3.6.1. states:
>
> k= Key type (plain-text; OPTIONAL, default is "rsa"). Signers and
> verifiers MUST support the "rsa" key type. The "rsa" key type
> indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
> [RFC3447] (see Sections Section 3.1 and A.1.1) is being used in
> the "p=" tag. (Note: the "p=" tag further encodes the value using
> the base64 algorithm.) Unrecognized key types MUST be ignored.
>
>
> I believe the "Unrecognized key types MUST be ignored" is incorrect,
> or at least can be misunderstood. It is not the key *type* (the value of
> a 'k' tag) that is to be ignored (which would just mean that a 'k' tag is
> useless as any value means 'rsa') - but the complete public key (record)
> with a key type (implied or explicit) not matching the sig-a-tag-k from
> an 'a' tag of a signature must be ignored.

Suggested change:

replace the:

   Unrecognized key types MUST be ignored.

with:

   Algorithm name sig-a-tag-k of a signature must match exactly the
   implied or explicitly specified key type key-k-tag-type of a
   public key. Keys with unmatching key type MUST be ignored.

Mark
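
The two readings contrasted in the message above, as an added example that is not part of the original message or of any DKIM implementation. The function names, the key type "newalg" and the sample signature and key records are constructed for illustration.

```python
# Added illustration; helper names and sample records are constructed.

def parse_tag_list(text):
    """Parse a DKIM tag=value list (semicolon-separated) into a dict."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def sig_key_type(signature):
    """sig-a-tag-k: the part of the signature's a= tag before the hyphen."""
    return parse_tag_list(signature)["a"].split("-", 1)[0]

def key_type(record):
    """key-k-tag-type: the k= value, or the implied default "rsa"."""
    return parse_tag_list(record).get("k", "rsa")

def key_usable(signature, record):
    """Proposed wording: a key whose type does not match exactly is ignored."""
    return sig_key_type(signature) == key_type(record)

def key_usable_misread(signature, record, known=("rsa",)):
    """Misreading: drop an unrecognized k= value, so the default "rsa" applies."""
    k = key_type(record)
    if k not in known:
        k = "rsa"
    return sig_key_type(signature) == k

# Constructed inputs; "newalg" is a made-up key type, p=/bh=/b= are placeholders.
SIGNATURE = "v=1; a=rsa-sha256; d=example.com; s=sel; bh=PLACEHOLDER; b=PLACEHOLDER"
KEYS = {
    "implied rsa": "v=DKIM1; p=PLACEHOLDER",
    "explicit rsa": "v=DKIM1; k=rsa; p=PLACEHOLDER",
    "unknown type": "v=DKIM1; k=newalg; p=PLACEHOLDER",
}

def compare():
    """Map each sample key to (usable under proposed text, usable under misreading)."""
    return {name: (key_usable(SIGNATURE, rec), key_usable_misread(SIGNATURE, rec))
            for name, rec in KEYS.items()}

if __name__ == "__main__":
    for name, (strict, misread) in compare().items():
        print(f"{name:13} proposed={strict} misread={misread}")
```

Only the record with the unknown key type differs: the proposed wording ignores the whole key, while the misreading would hand its "p=" data to an RSA verifier.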
