[kmail2] [Bug 457894] New: DKIM plugin treats ed25119 signed messages as invalid

Scott Kitterman bugzilla_noreply at kde.org
Sun Aug 14 21:40:22 BST 2022 

https://bugs.kde.org/show_bug.cgi?id=457894

            Bug ID: 457894
           Summary: DKIM plugin treats ed25119 signed messages as invalid
           Product: kmail2
           Version: 5.15.3
          Platform: Debian stable
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: kde at kitterman.com
  Target Milestone: ---

SUMMARY
***
With the DKIM plugin enabled, it appears to treat signatures which use the
ed25519 as invalid.  Ed25519 was added to DKIM by RFC 8463.  Even if RFC 8463
is not supported, according to the current main DKIM RFC, RFC 6376, signatures
with unknown algorithms must be ignored (Paragraph 3.3.4).  A dual signed
RSA-SHA256/ed25519 message should show as DKIM: valid if the RSA signature
verifies.  This appears not to be the case.
***


STEPS TO REPRODUCE
1. Enable DKIM plugin
2. Receive dual DKIM signed RSA-SHA256/ed25519 message
3. Select the message

OBSERVED RESULT
DKIM: invalid

EXPECTED RESULT
DKIM: valid

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
Addition of ed25519 to DKIM is relatively recent and so such signatures can be
difficult to come by.  If anyone needs a representative email to evaluate this
with, please contact me and let me know.  I'll be glad to send it.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list