Bug 457894

Summary: DKIM plugin treats ed25119 signed messages as invalid
Product: [Applications] kmail2 Reporter: Scott Kitterman <kde>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: normal CC: kb, montel, uwu
Priority: NOR    
Version: 5.15.3   
Target Milestone: ---   
Platform: Debian stable   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Scott Kitterman 2022-08-14 20:40:22 UTC 
SUMMARY
***
With the DKIM plugin enabled, it appears to treat signatures which use the ed25519 as invalid.  Ed25519 was added to DKIM by RFC 8463.  Even if RFC 8463 is not supported, according to the current main DKIM RFC, RFC 6376, signatures with unknown algorithms must be ignored (Paragraph 3.3.4).  A dual signed RSA-SHA256/ed25519 message should show as DKIM: valid if the RSA signature verifies.  This appears not to be the case.
***


STEPS TO REPRODUCE
1. Enable DKIM plugin
2. Receive dual DKIM signed RSA-SHA256/ed25519 message
3. Select the message

OBSERVED RESULT
DKIM: invalid

EXPECTED RESULT
DKIM: valid

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
Addition of ed25519 to DKIM is relatively recent and so such signatures can be difficult to come by.  If anyone needs a representative email to evaluate this with, please contact me and let me know.  I'll be glad to send it.
Comment 1 Laurent Montel 2022-08-15 06:39:14 UTC 
Do you have an example ?
(Perhaps you can send it me in private message)
Regards