https://bugs.kde.org/show_bug.cgi?id=457894
Bug ID: 457894
Summary: DKIM plugin treats ed25119 signed messages as invalid
Product: kmail2
Version: 5.15.3
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-b...@kde.org
Reporter: k...@kitterman.com
Target Milestone: ---
SUMMARY
***
With the DKIM plugin enabled, it appears to treat signatures which use the
ed25519 as invalid. Ed25519 was added to DKIM by RFC 8463. Even if RFC 8463
is not supported, according to the current main DKIM RFC, RFC 6376, signatures
with unknown algorithms must be ignored (Paragraph 3.3.4). A dual signed
RSA-SHA256/ed25519 message should show as DKIM: valid if the RSA signature
verifies. This appears not to be the case.
***
STEPS TO REPRODUCE
1. Enable DKIM plugin
2. Receive dual DKIM signed RSA-SHA256/ed25519 message
3. Select the message
OBSERVED RESULT
DKIM: invalid
EXPECTED RESULT
DKIM: valid
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma:
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2
ADDITIONAL INFORMATION
Addition of ed25519 to DKIM is relatively recent and so such signatures can be
difficult to come by. If anyone needs a representative email to evaluate this
with, please contact me and let me know. I'll be glad to send it.
--
You are receiving this mail because:
You are watching all bug changes.
