The code in the dkim-genkey shell script that generates the "t=" flags list appears to be incorrect.
In particular, the sense of the "s" flag is reversed, if my reading of the spec is correct. That is, dkim-genkey includes the "s" flag when the user has *not* requested that subdomains be disabled, while the spec states that the "s" flag indicates that the key should not be used for subdomains.
Also, no ":" separator is placed between the possible "y" and "s" flags, as the spec requires. (I have not checked whether this DKIM implementation supports those flags without the colon separator, but that doesn't really matter, since other specifications should follow the spec, too.)
A little shell scripting work can easily correct these problems, assuming my analysis is correct.
Log in to post a comment.