Re: [exim] DKIM and DomainKeys

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Michael Deutschmann
Fecha:  
A: exim-users
Asunto: Re: [exim] DKIM and DomainKeys
On Tue, 30 Jun 2009, Tom Kistner wrote:
> Domainkeys support has been dropped. I don't really feel like bringing
> it back, since I now consider it to be a dead proprietary technology.


I wouldn't call DK completely obsolete just yet.

DKIM is in two parts, both of which are necessary to replace the role of
DK. The first part, the procedure to detect bogus signatures, is
complete. But the second part, the procedure to detect *missing*
signatures, isn't.

So, I'd still want to double sign my messages -- with DK to allow people
to discard unsigned forgeries, and with DKIM merely to test the first
half of the new protocol.


Also, DKIM provides for signatures other than the domain of the From:
address. While such signatures are not needed when using DKIM as a
replacement for DK, they may well have a use in the future. If so, Exim
might be called upon to add two or more DKIM signatures at once to a
message.

So your library should be flexible enough to handle two DKIM signatures.
If it is, then it shouldn't be to hard to extend it to handle one DKIM and
one DK signature -- since DK is just DKIM with a slightly different header
format.

---- Michael Deutschmann <michael@???>