[ietf-dkim] dkim-base: _domainkey vs _dkim
Douglas Otis
dotis at mail-abuse.org
Wed Apr 26 08:33:37 PDT 2006
On Apr 26, 2006, at 6:24 AM, Michael Thomas wrote:
> Hector Santos wrote:
>
>> The document refers to both _domainkey vs. _dkim subdomains to DNS
>> DKIM
>> records:
>>
>> | 3.6.2.1 Name Space
>> |
>> | All DKIM keys are stored in a subdomain named
>> ""_domainkey"". Given
>> | a DKIM-Signature field with a "d=" tag of ""example.com"" and
>> an "s="
>> | tag of ""sample"", the DNS query will be for
>> | ""sample._domainkey.example.com"".
>>
>> and
>>
>> | A.3 The email signature is verified
>> |
>> | The signature is normally verified by an inbound SMTP server or
>> | possibly the final delivery agent. However, intervening MTAs
>> can
>> | also perform this verification if they choose to do so. The
>> | verification process uses the domain "example.com" extracted
>> from the
>> | "d=" tag and the selector "brisbane" from the "s=" tag in the
>> "DKIM-
>> | Signature" header field to form the DNS DKIM query for:
>> |
>> | brisbane._dkim.example.com
>>
>> How is this going to be handled? Most testing domains are using
>> _domainkey
>> or is _dkim targeted for a binary RR?
>>
>
> This is just a typo. A.3 should be _domainkey as well.
I know many don't like being so 1970ish, but to conserve DNS payload
space, here is one example. Introducing this change when going to
the binary key seems like a good choice.
-Doug
More information about the ietf-dkim
mailing list