I thought Vince did a pretty good job of explaining this, but it apparently hasn't sunk in. I'll try once more to explain it.
There's no point (purpose) in changing the name of your key. Just because its *name* is 'private' doesn't mean that it *is* a private key. Quite the opposite, in fact. The contents of the DNS TXT record that s= points to should contain the *public* key, regardless of the s= value. The s= parameter is the Selector value. This is simply a name (identifier) given to the key pair so that the receiving server can tell which DNS record contains the appropriate *public* key for your domain. You can call it whatever you like, such as 'selid' or 'maildk' or 'orange' or 'narf' or 'poit'. It really doesn't matter from a functional standpoint. The name you give it is specified when you generate the key pair. See http://wiki.qmailtoaster.com/index.php/Domainkeys#DomainKey_Generation The only reason that 'private' is used as a selector id in the example is that this is the default value used by qmail-dk. This is admittedly confusing, and a poor choice of names by the qmail-dk author. The default should probably be changed in the stock toaster (and the wiki) at some point so that it is more easily understood. Alexey, can we change the qmail-dk default file name to something a little more appropriate, such as 'selector' or 'keyname'? David J. wrote: > Vince, > > Thank You for giving clues in my problem. How to set My DNS to cahanget > the vlaue of s=private, into public one ...?? to verify the public key > status. > > Thank's > > > David J. > > ----- Original Message ----- From: "Vince Callaway" <[EMAIL PROTECTED]> > To: <qmailtoaster-list@qmailtoaster.com> > Sent: Friday, February 09, 2007 10:57 PM > Subject: Re: [qmailtoaster] DKIM Status failed > > >> On Fri, 2007-02-09 at 20:20 +0700, David J. wrote: >>> Well if it has to be on private than it's fine, but how to make my >>> DKIM status recognized ..?? >> >> I checked your dns and everything looks correct. >> >> I suggest visiting this site: http://senderid.espcoalition.org/ To >> test. It provides an address to test your mail. >> >> The use of the word private in domainkeys has caused some confusion. >> You are NOT publishing your private key. You are publishing a public >> key named private. >> >> Your mail signature contains a value of s=private. That tells the >> receiver to do a dns lookup for private._domainkey.m2-vision.net to get >> the public key to verify the signature. >> -- -Eric 'shubes' --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
