On Aug 3, 2009, at 4:33 PM, Franck Martin wrote: > Just some clarification, there is no way for an outsider to query > this record if you don't know it exists?
Yup. > The selector basically hides the record from DNS in comparison to > SPF which is easy to find in a DNS zone. Assume the postmaster is going to be signing your outbound email using "september2006" as the selector. They're not messing with you - they're deploying DKIM, using the private key that goes with the p= public key in the record below. Cheers, Steve > > ----- Original Message ----- > From: "Steve Atkins" <st...@wordtothewise.com> > To: "DKIM WG" <ietf-dkim@mipassoc.org> > Sent: Tuesday, 4 August, 2009 11:15:52 AM GMT +12:00 Fiji > Subject: [ietf-dkim] Everything not forbidden is permitted > > Chatting with people offlist the issue of whether there is such a > thing as a good or bad DKIM record came up. > > I'm trying to get a feel for peoples views on that so, to give a > concrete example, if your postmaster came to you with this DKIM record > they wanted you to publish in DNS, would you publish it as-is? If not, > why not? > > september2006._domainkey.example.com 300 IN TXT "version=DKIM1; a=rsa- > sha1; c=simple/simple; hash=sha1; t=testing; p=MIGfMA0G<more base64 > gunk>;" > > Cheers, > Steve > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html