[ietf-dkim] dkim-base: _domainkey vs _dkim
dotis at mail-abuse.org
Wed Apr 26 08:33:37 PDT 2006
On Apr 26, 2006, at 6:24 AM, Michael Thomas wrote:
> Hector Santos wrote:
>> The document refers to both _domainkey vs. _dkim subdomains to DNS
>> | 188.8.131.52 Name Space
>> | All DKIM keys are stored in a subdomain named
>> ""_domainkey"". Given
>> | a DKIM-Signature field with a "d=" tag of ""example.com"" and
>> an "s="
>> | tag of ""sample"", the DNS query will be for
>> | ""sample._domainkey.example.com"".
>> | A.3 The email signature is verified
>> | The signature is normally verified by an inbound SMTP server or
>> | possibly the final delivery agent. However, intervening MTAs
>> | also perform this verification if they choose to do so. The
>> | verification process uses the domain "example.com" extracted
>> from the
>> | "d=" tag and the selector "brisbane" from the "s=" tag in the
>> | Signature" header field to form the DNS DKIM query for:
>> | brisbane._dkim.example.com
>> How is this going to be handled? Most testing domains are using
>> or is _dkim targeted for a binary RR?
> This is just a typo. A.3 should be _domainkey as well.
I know many don't like being so 1970ish, but to conserve DNS payload
space, here is one example. Introducing this change when going to
the binary key seems like a good choice.
More information about the ietf-dkim