On Apr 26, 2006, at 6:24 AM, Michael Thomas wrote:
Hector Santos wrote:
The document refers to both _domainkey vs. _dkim subdomains to DNS
DKIM
records:
| 3.6.2.1 Name Space
|
| All DKIM keys are stored in a subdomain named
""_domainkey"". Given
| a DKIM-Signature field with a "d=" tag of ""example.com"" and
an "s="
| tag of ""sample"", the DNS query will be for
| ""sample._domainkey.example.com"".
and
| A.3 The email signature is verified
|
| The signature is normally verified by an inbound SMTP server or
| possibly the final delivery agent. However, intervening MTAs
can
| also perform this verification if they choose to do so. The
| verification process uses the domain "example.com" extracted
from the
| "d=" tag and the selector "brisbane" from the "s=" tag in the
"DKIM-
| Signature" header field to form the DNS DKIM query for:
|
| brisbane._dkim.example.com
How is this going to be handled? Most testing domains are using
_domainkey
or is _dkim targeted for a binary RR?
This is just a typo. A.3 should be _domainkey as well.
I know many don't like being so 1970ish, but to conserve DNS payload
space, here is one example. Introducing this change when going to
the binary key seems like a good choice.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html