-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here is the full header failed in DKIM verifying:
<URL:http://izb.knu.ac.kr/~bh/stuff/gmail-full-header-2008110501>
FYI; i used/use Jason's DKIMProxy for signing DKIM signature ;;
Vijay Eranti (✌ విజయ్ ఈరంటి) wrote:
can you send me a sample dkim signature that failed ?
here is what the spec says
g= Granularity of the key (plain-text; OPTIONAL, default is "*").
This value MUST match the Local-part of the "i=" tag of the DKIM-
Signature header field (or its default value of the empty string
if "i=" is not specified). An email with a signing address that does
not
match the value of this tag constitutes a failed verification.
The intent of this tag is to constrain which signing address can
legitimately use this selector, for example, when delegating a
key to a third party that should only be used for special
purposes.
I am interested in what you specified in your i= in the dkim signature.
On Mon, Nov 3, 2008 at 8:27 PM, Byung-Hee HWANG
<bh(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr
<mailto:bh(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr>> wrote:
When i was used with "g=*", Gmail said as follow:
dkim=pass (test mode)
header(_dot_)i=(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr
<http://izb.knu.ac.kr>
When i switched to "g=bh" from "g=*", Gmail said as follow:
dkim=neutral (no key)
header(_dot_)i=(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr
<http://izb.knu.ac.kr>
Below is my current TXT record for DKIM:
bh(_at_)chrys:~> dig +short dj._domainkey.izb.knu.ac.kr
<http://domainkey.izb.knu.ac.kr>. TXT
"v=DKIM1; k=rsa; g=bh; s=email; t=y; p=...snip...;"
bh(_at_)chrys:~>
With same key("g=bh"), dkim-test(_at_)testing(_dot_)dkim(_dot_)org
<mailto:dkim-test(_at_)testing(_dot_)dkim(_dot_)org>'s result was:
dkim=pass, header(_dot_)i=bh(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr
<mailto:bh(_at_)izb(_dot_)knu(_dot_)ac(_dot_)kr>
Am i wrong? Or Gmail's missed point about "g" tag?
byunghee
- --~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Dkim-contact" group.
To post to this group, send email to dkim-contact(_at_)google(_dot_)com
<mailto:dkim-contact(_at_)google(_dot_)com>
To unsubscribe from this group, send email to
dkim-contact+unsubscribe(_at_)google(_dot_)com
<mailto:dkim-contact%2Bunsubscribe(_at_)google(_dot_)com>
For more options, visit this group at
http://groups.google.com/a/google.com/group/dkim-contact?hl=en
- -~----------~----~----~----~------~----~------~--~---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkQ65UACgkQsCouaZaxlv6XOQCfa02DfGPt/DUi+lyhr5CtJCda
nV8AoJOUf9FZJZ7xMN+Ezx72JObSdSde
=kQsQ
-----END PGP SIGNATURE-----
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops