The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
Following are some notes about gray areas in the RFC 4871 DKIM
specification.


Section 3.4.4 "relaxed" Body Canonicalization

  Empty bodies. Unlike the "simple" body canonicalization, which
  explicitly says to add a CRLF, the "relaxed" body canonicalization
  does not say this. The consensus at DKIM-Interop was NOT to add
  a CRLF for "relaxed" body canonicalization when the body is empty.


Section 3.5 "i= Identity of the user or agent"

  In the section describing "identity", it says dkim-quoted-printable
  encoding is to be used, but quoted printable is not mentioned in the
  ABNF. The ABNF includes the "Local-part" token, which allows a quoted
  string with backslashes to escape certain characters.

  My interpretation (combining the text and my own reasoning), is that
  the i= tag value should be the dkim-quoted-printable encoding of:

    [ Local-part ] "@" domain-name

  So, e.g.
                                     local part     domain
                                     ----------     -----------
    i="meet=20joe"@example.com  =>   "meet joe"     example.com
    i="fine=3Bmess"@example.com =>   "fine;mess"    example.com
    i="j=20s=22@example.com     =>   "j s"          example.com
    i=j smith @ example . com   =>   jsmith         example.com


Section 3.6.1 "granularity of the key"

  Does "an empty g= value never matches any addresses" mean that any
  signature, no matter the i= value, using this key cannot be
  matched? The consensus at DKIM-Interop was that YES, that's what
  it means.

  It should be noted that this is an incompatible change from
  RFC4870-DomainKeys, where an empty g= tag in the public key is
  equivalent to g=*, which would match anything.