On Thu, 11 Oct 2007, Murray S. Kucherawy wrote: > On Thu, 11 Oct 2007, Dan Mahoney, System Admin wrote: >> 1) Does DKIM no longer have an o= policy flag? I saw nothing about o= >> when searching the RFC, but it could just be because DKIM is an >> "extension" to DomainKeys, and that's a DomainKeys thing. > > The policy stuff has moved to its own IETF draft, which will be its own > RFC. You can find it in the DKIM tarball as "draft-ietf-dkim-ssp-01.txt". > > The format is not the same as it was for DomainKeys. > >> 2) Is the _policy record now ignored, again? > > It now lives at _ssp._domainkey.<domain>, so yes.
*headdesk* Crap. And you just know there are people out there who are running old verifiers. I had figured now that there was an official rfc and such, that we'd stop doing the "this week's draft" dance. Is there an "official site" for the DKIM spec? An "official" mailing list, such that one can be made aware of any changes which affect the spec? (besides this one, which of course, is just about the milter). Or are we expected to pore over and diff draft after draft to find out what's now deprecated? I apologize if this seems forward, but people want DKIM now. SpamAssassin has had a rule called DKIM_POLICY_SIGNSOME hitting most domains for a while now, which I find really amusing considering that rule only hits on the IMPLIED policy. And there's not one really good "howto" site (admittedly, the docs in the milters are good, but the target audience of the milter are not the same as the target audience of those who could benefit from and understand the workings behind something like DKIM.) Hell, dkim.org (which one would assume to be a logical place to look as any) says that draft-allman-dkim-ssp is "Recommended for immediate use" (and it expired a year and a half ago). When SPF came out, there were simple, web-driven tools to GENERATE the rulesets, as well as simple tools to interpret them on a failure, from the getgo. Given, SPF was as simple as "drop this line in DNS", very set-it-and-forget-it. But the meanings of the various flags, fields, and such were de-mystified, and you were asked simple, english questions which themselves could have been taken from the RFC's. Now, when searching for obscure DKIM flags, like trying to search RFC's for "o=" or, worse, google, there's no real place to turn (at least that I've found). Seriously, if you want people to embrace this stuff, it needs to be accessible. There's enough "voodoo" involved because of the cryptography, the rest of this standard doesn't have to be similarly shrouded in mystery. Just my (way more than) 0.02. -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
