Dne 13. 3. 2023 v 16:08 Murray S. Kucherawy napsal(a):
On Fri, Mar 10, 2023 at 10:48 AM Jan Dušátko <jan=
40dusatko....@dmarc.ietf.org> wrote:
I got recommendation to propose changes in that mailing group.
My work depend on appropriate protection of our brand, however this
tasks require also management of records required for that protection.
We have huge problem with identification of selector records required by
DKIM and also this make for us problem with compatibility. We would like
to strongly follow RFCs, but sometimes v=DKIM1 tag are resolved like
issue as well as sometime missing of that tag do the same. This is a
reason, why I would like to propose mitigation of problem, caused by
word RECOMMENDED in standard RFC 6376:
[...]
Just to clarify: Are you saying the identification of a DKIM record in the
DNS is uncertain unless "v=DKIM1" is present?
-MSK
Yes, exactly, you are right. Although DKIM FQDN records must be in the
format [selector]._domainkey.domain.tld, this not impact any records
prepared to create CNAME for other domains. As for the internal format,
if the record contains only a key (p="base64encodedkey"), it is
difficult to verify whether it is really a DKIM record. Especially in
the case of a corrupted encoded record.
Jan
--
-- --- ----- -
Jan Dušátko
Tracker number: +420 602 427 840
e-mail: j...@dusatko.org
GPG Signature: https://keys.dusatko.org/E535B585.asc
GPG Encrypt: https://keys.dusatko.org/B76A1587.asc
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
