[dkim-ops] Test Results for various reflectors

Dan Mahoney, System Admin danm at prime.gushi.org
Thu Jun 8 16:37:34 PDT 2006 

On Thu, 8 Jun 2006, SM wrote:

> Hi Dan,
> At 14:34 08-06-2006, Dan Mahoney, System Admin wrote:
> >Okay.  My results for every reflector listed on testing.dkim.org 
> >(with every possible signing mode) are here (and they're DISMAL):
> 
> Thanks for the notes on the autoresponders.
> 
> Your DKIM signature fails verification.

By the way -- can you tell WHY?  I was signing using ietf-base-01, but am 
about to switch over to the allman one shortly, it's had SLIGHTLY more 
success than the others.  (This message should be signed with it.)  Which 
method are you using to verify?

> 
> >In any case, no detail is mentioned about how these differ, unless I 
> >feel like reading the drafts (and no links are provided, even so it 
> >would be a TEDIOUS read).
> 
> You can find the drafts of the implementation in the dk/dkim milter 
> tarballs.  The latest version of dkim-milter uses ietf-base-01 by default.

These are the files included with that:

draft-allman-dkim-ssp-01.txt
draft-ietf-dkim-base-01.txt
draft-ietf-dkim-threats-02.txt

Which one of them is supposed to represent allman-base-00?  I've looked 
(and looked) and I can't find an easy COMPARISON about what one spec has 
and the other does not, how they are similar, how one spec can be 
interepreted to be backwards compatible with another...or even which spec 
is newer, and whather it supersedes any other and is considered more or 
less acceptable. (As much as a "draft" standard can be).

The milter library claims that "The underlying library will adapt itself 
to deal with signatures from any version of the specification as much as 
possible" however I would have to assume this is with the assumption that 
the library itself KNOWS about all the specs that exist -- obviously some 
libraries which are in use now can pre-date some specs, which since they 
all use the same header could cause failure.

> >* Can anyone post contact addresses for issues with these 
> >reflectors? Ideally we need more info, such as: what testing method 
> >they're using, contact address, what standards they support.
> 
> You can post dkim-milter questions to the dkim-milter mailing 
> list.  I'm copying this email to you as the one you receive from this 
> list will fail verification.

That wasn't a milter question, but some of the above ARE, and I'll be 
mentioning that on those mailing lists shortly.  DKIM seems like a cool 
idea, but most of the documentation seems to be SERIOUSLY lacking.

-Dan

--

"What's with the server farm down in the basement?"

-Spider, Three Skulls Commons at Selden House, 4/15/00

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

More information about the dkim-ops mailing list