Version 1.0.0
- Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020)
- Add new timeout parameter to enable DNS lookup timeouts to be adjusted
- Drop usage of pymilter Milter.dns in dnsplug since it doesn't support
having a timeout passed to it
2019-10-07 Version 0.9.5
- Ignore unknown service types in key records (LP: #1847020)
- This is required by RFC 6376 and predecessors. It becomes important
now that RFC 8460, which defines a new DKIM service type, exists. This
change is required to avoid processing tlsrpt keys like regular email
keys, which is incorrect because they have different requirements.
2019-09-25 Version 0.9.4
- Add LICENSE to MANIFEST.in so it is included in the tarball (LP:
#1845318)
2019-08-09 Version 0.9.3
- Fix linesep setting in arcsign script (LP: #1838262) (Thanks to Gowtham
Gopalakrishnan for the report and the patch)
- Fix default canonicalization for DKIM signature verification to be
simple/simple per RFC 6376 (LP: #1839299) (Thanks to Cyril Nicodème for
the report and a suggested fix)
2019-04-14 Version 0.9.2
- Fix the arcsign script so it works with the current API (Note: the new
srv_id option is the authserv_id to use in the ARC signatures - Only AR
fields with an authserv-id that matches srv_id will be considered for
ARC signing)
- Fix cv=none processing for initial signature in chain
- Add additional text documenting use of srv_id for ARC signing to
docstrings and man 1 arcsign (LP: #1808301)
- Use same line separator for output as input in dkimsign/arcsign
(LP: #1808686)
- Refactor canonicalization.py strip_trailing_lines to avoid using re for
more consistent processing across python versions (Thanks to Jonathan
Bastien-Filiatrault for the change)
- Refactor header folding for more consistent results, including reduced
stray whitespace (Also Jonathan Bastien-Filiatrault)
- Don't log message headers and body unless explicitly requested. This
should also reduce memory usage on large messages. (Jonathan
Bastien-Filiatrault)
- Clarify the crlf does not count towards line length in fold
- Adjust fold maxlen to one shorter for lines after the first, since they
already have a leading space (LP: #1823008)
2018-12-09 Version 0.9.1
- Fixed ARC verification to fail if h= tag is present in Arc-Seal and
added tests
- Refactored dknewkey so that it correctly writes out text instead of
bytes
- Added missing v=DKIM1; to dns record produced by dknewkey
2018-10-30 Version 0.9.0
- Update oversigned (frozen) header field list to reduce signature
fragility (removes 'date' and 'subject' fields from being oversigned by
default - see usage section of README for information on how to restore
the previous behavior)
- Added new add_should_not for DKIM/ARC classes to prevent additional
header fields from being signed
- Added 'from' to should sign list (to prevent it from not being signed at
all in the unusual event that 'from' is locally removed from the frozen
header field set) (LP: #1525048)
- Updates for experimental ARC support:
- Limit to rsa-sha256, rsa-sha1 not used by ARC and multi-signature
design TBD
- Raise error when ARC signing if i= instance limit value of 50 is
exceeded
- Specified that for ARC, Authentication-Results should not be signed
- Added missing documentation for timestamp function dkim.arc_sign
(LP: #1800314)
- Fix DNS lookups to be compatible with EAI addresses in domains and
selectors (John Levine)
- Add type Hinting for sign and verify functions (LP: #1782596)
(Thomas Ward)
- PEP8 Blank Lines Style Issues (LP: #1782596)
(Thomas Ward)
- Python 3.7 compatibility fixup for dkim.canonicalization.
strip_trailing_lines due to changed RE.sub() processing (LP: #1800313)
2018-06-16 Version 0.8.1
- Correctly fold lines at or near the maximum line length (fix folding
zero length lines and adding a blank line and adding an extra cr/lf for
lines near max length) (LP: #1717576)
- Thanks to Christian Jørgensen and John Levine for reporting the issue
- Add testing extras option to setup.py (Daniel Hahler)
- Fix deprecation warnings in test asserts (Daniel Hahler)
- Correctly limit try/except for imports to import errors (Daniel Hahler)
- Don't error out in Python 3 if include headers is string (LP: #1776775)
- Correct requires invocation for py3dns
2018-05-18 Version 0.8.0
- Change from distutils to setuptools with entry points because it's the
future
- Use install_requires and extras_requires to document external
dependencies for dkimpy (LP: #1227526)
- Fix typo in dknewkey(1) for k= tag (Thanks to Andreas Schulze for
reporting)
- Detect incorrect version in DKIM public key record (LP: #1763815)
- Detect unknown algorithm in k= tag and raise an appropriate error, vice
failing with a traceback
- Indicate that ed25519-sha256 is no longer experimental
2018-02-17 Version 0.7.1
- Update ed25519 tests, including using sample keys from RFC 8032 Section
7.1 and the sample message from RFC 6376
- Return an empty list (as expected) when no AR headers are found or no AR
arc stamps are found and the chain terminated (LP: #1748146)
- Use correct h= tag in dknewkey.py generated DKIM records for RSA
2018-02-07 Version 0.7.0
- Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto
experimental - IETF draft, design not finalized, See README for details
- Port dkimsign.py to use argparse; now gives standard usage message and
is more extensible
- Add command line options to dkimsign.py to select header and body
canonicalization algorithms (LP: #1272724)
- Add command line option to dkimsign.py to select signing algorithm
- For dknewkey.py make default to include h=sha256 in the DNS record to
exclude usage with sha1. Can be overridden
- Update ARC processing to current draft
- Fix arcverify tag requirements (LP: #1710312)
- Fix empty body canonicalization for relaxed canonicalization (LP: #1727319)
* Thanks to Matthew Palmer for the report and the proposed fix
- Add new test, test_implicit_k, to verify that RSA processing is still
correct when the optional k= tag is not present in the DKIM public key
record
- Fix -v verbose reporting in dkimverify.py
- Fix unbound local variable error when processing signatures with an x
tag, but no t tag (LP: #1739637)
2017-05-30 Version 0.6.2
- Fixed problem with header folding that caused the first line to be
folded too long (Updated test test_add_body_length since l= tag is no
longer at the beginning of a line)
- Fixed python3.4 string interpolation issue
- Fix some byte casting issues & typos
- Add test case for verification when should headers are signed
- Check and update references:
* Replace RFC 4871 with RFC 6376
* Replace RFC 3447 with RFC 8017
* Add mention of DCRUP working group addressing key length issues
2017-01-27 Version 0.6.1
- Fixed python3 dns lookup issue
- Fixed arcverify.py issue
2017-01-23 Version 0.6.0
- Add capability to sign and verify ARC signatures
- Added new script, dknewkey.py, to generate DKIM keys
2015-12-07 Version 0.5.6
- Brown paper bag release, 0.5.5 tarball inadvertently included pyc files
and other artifacts from development
2015-12-07 Version 0.5.5
- Fix and test case for case insensitive subdomain matching.
- Python3 compatibility fixes and test cases thanks to Diane Trout
2013-06-10 Version 0.5.4
- Fixed error in FWS regular expression that caused some valid signatures
to fail verification (Thanks to Peter Palfrader (weasel) for the patch)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711751
- Change dkimsign.py to sign the default (recommended) set of headers
instead of all headers
2012-10-27 Version 0.5.3
- Make key parsing error messages more specific to help troubleshooting
based on user feedback
2012-06-13 Version 0.5.2
- Change canonicalization defaults to work around issues with different
verification implementations <https://launchpad.net/bugs/939128>
- Fully fold DKIM-Signature on sign, and ignore FWS in b= value on verify
- Fix hashing problem while signing using sha1
- Trap NXDOMAIN exception with dnspython
- Other minor bug fixes
2012-02-03 Version 0.5.1
- Rename tarball to dkimpy to avoid confusion with original project
- Apply performance patch from <https://launchpad.net/bugs/901591>
- save parsed signatures in DKIM object
- do not require DNS/dnspython for signing
2011-10-26 Version 0.5
- Add test case and fix for <https://launchpad.net/bugs/644046>
- Add test case and fix for <https://launchpad.net/bugs/737311>
- Fix dkim.fold()
- raise KeyFormatError when missing required key parts in DNS
- do not sign all headers by default
- option to verify signatures other than first
2011-06-16 Version 0.4.2
- Fix use of dns namespace so dnspython works
2011-06-15 Version 0.4.1
- Fix some except clauses for python3
- Correct Changelog and release versions
- Add test case for <https://launchpad.net/bugs/587783>
- add back dkim.Relaxed and dkim.Simple constants
2011-06-14 Version 0.4
- new API: class DKIM to retrieve domain and other info after verify
- Add support for python3
- pydns driver tested and fixed
- when producing Relaxed mode signatures, the partial DKIM-Signature
header must be canonicalized before hashing (Martin Pool)
<https://launchpad.net/bugs/587783>
- other bug fixes
2008-06-25 Version 0.3
- length parameter to sign() is now a boolean
- sign() now folds the DKIM-Signature line
- validation of all inputs
- general code cleanup
2008-02-19 Version 0.2
- handle "rsa-sha1" algorithm properly
- handle multiple DKIM-Signature lines
- handle FWS around = in DKIM-Signature lines
- handle case of single canonicalization algorithm
- handle l= signature property
2008-02-18 Version 0.1
- initial release