| Subject: | The "q=" tag can have multiple methods listed |
From the RFC,
q= A colon-separated list of query methods used to retrieve the
public key (plain-text; OPTIONAL, default is "dns/txt"). Each
query method is of the form "type[/options]", where the syntax and
semantics of the options depend on the type and specified options.
If there are multiple query mechanisms listed, the choice of query
mechanism MUST NOT change the interpretation of the signature.
Implementations MUST use the recognized query mechanisms in the
order presented. Unrecognized query mechanisms MUST be ignored.
Currently, the only valid value is "dns/txt", which defines the
DNS TXT resource record (RR) lookup algorithm described elsewhere
in this document. The only option defined for the "dns" query
type is "txt", which MUST be included. Verifiers and Signers MUST
support "dns/txt".
Mail::DKIM will correctly reject signatures that do not have "dns/txt"
in the query list, but it will also reject signatures that have multiple
query methods listed.
For example, a hypothetical signature with q=foo/bar:dns/txt:exam/ple
should be ACCEPTED, because it contains a recognized query method
("dns/txt").
Mail::DKIM should process the list from left to right, skipping over
unrecognized methods and stopping once it finds "dns/txt". If it finds
dns/txt, then good, proceed as before. If it does not find "dns/txt",
then reject the signature for having an invalid query method.