On Thu, 12 Jun 2008, gnu not unix wrote: > Now I have both dk and dkim going. Should I sign first with dk, or > should dkim be run first? Or for that matter should I only run dkim > since it is the RFC/best practice choice?
Professionally, I would say you can run whichever makes sense. DKIM makes a lot of sense as that's where the momentum is, but there are still a lot of signers and verifiers for DomainKeys. Since DomainKeys is a little less robust about header changes than DKIM is, I would sign with it last and verify with it first. Personally, I would simplify things and use DKIM only. > Also, I have a policy set via DNS. I've set it in _policy with an _ssp > that is a CNAME to _policy. Is that a good/bad idea? It should be fine. Also note that current code checks _asp (the name used by the -03 draft), and the next draft will use yet another new name, _adsp. You might want to set those up as well. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
