Could someone help me understand how AUIDs are to be processed when there is 
no i= provided in the DKIM signature per RFC 5672 (the DKIM update)?

It is clear that AUIDs are optional.
But i= has a default value.

So, should the signature be processed as if the default value for the AUID (i= 
value) were present or processed as if the AUID (i= value) wasn't even part of 
the specification?

I'm asking the question because this section, related to restricting key 
applicability across the namespace using t=s in the key record, has a dependency 
on the AUID in the signature:

> Corrected Text:
> 
>       ...for example, a key record for the domain example.com can be
>       used to verify messages where the AUID ("i=" tag of the signature)
>       is sub.example.com, or even sub1.sub2.example.com.  In order to
>       limit the capability of such keys when this is not intended, the
>       "s" flag MAY be set in the "t=" tag of the key record, to
>       constrain the validity of the domain of the AUID.  If the
>       referenced key record contains the "s" flag as part of the "t="
>       tag, the domain of the AUID ("i=" flag) MUST be the same as that
>       of the SDID (d=) domain.  If this flag is absent, the domain of
>       the AUID MUST be the same as, or a subdomain of, the SDID.



Thanks!

-- Brett
_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
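
Added example, not part of the original message and not code from the DKIM specifications: a verifier-side check of the quoted "t=s" rule that applies the i= default when the tag is absent. It assumes the default AUID is an empty local-part, "@", then the d= domain; the function names and the sample signature and key records are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def effective_auid(sig):
    """Return the i= value, or the assumed default "@" + d= when i= is absent."""
    return sig["i"] if "i" in sig else "@" + sig["d"]

def auid_allowed(sig_header, key_record):
    """Apply the quoted rule: with t=s the AUID domain must equal the SDID,
    otherwise it must equal the SDID or be a subdomain of it."""
    sig = parse_tags(sig_header)
    key = parse_tags(key_record)
    sdid = sig["d"].lower()
    auid = effective_auid(sig)
    if "@" not in auid:
        return False  # malformed i=: no domain part to compare
    auid_domain = auid.rsplit("@", 1)[1].lower()
    flags = [f.strip() for f in key.get("t", "").split(":")]
    if "s" in flags:
        return auid_domain == sdid
    # The leading dot stops "notexample.com" from matching "example.com".
    return auid_domain == sdid or auid_domain.endswith("." + sdid)

# Constructed samples: only the tags relevant to the check are shown.
SIG_NO_I = "v=1; d=example.com; s=sel1"
SIG_SUB = "v=1; d=example.com; s=sel1; i=user@sub.example.com"
KEY_STRICT = "v=DKIM1; k=rsa; t=s; p=PLACEHOLDER"
KEY_OPEN = "v=DKIM1; k=rsa; p=PLACEHOLDER"

if __name__ == "__main__":
    for sig in (SIG_NO_I, SIG_SUB):
        for key in (KEY_STRICT, KEY_OPEN):
            print(effective_auid(parse_tags(sig)), "|", key, "->",
                  auid_allowed(sig, key))
```

With the default applied, a signature without i= always satisfies the "t=s" constraint, because the derived AUID domain is the SDID itself.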
