"unprotected key" with DNSSEC

From: Jim Fenton <fenton_at_bluepopcorn.net>
Date: Tue, 30 Aug 2016 16:39:29 -0700

Hi,

I sent a test message to myself through a forwarder (I had some problems
with the milter config after a Linux upgrade) and now it's signing and
verifying, but reporting that the key is unprotected. But my domain is
DNSSEC signed, so I wonder why I'm seeing this.

A sample signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net;
        s=supersize; t=1472599245;
        bh=4kfj3omcsL+i0LMWN/g0GpOQCUoDHlLCAouDc+KepEE=;
        h=To:From:Subject:Date;
        b=WwWpOCSI+a8nkGlZx1evBu/hXyZT5jvt0zQk2ese8i13N5o8EmXNXuvOJMNauKNG7
         gRGZyeZTGQ5cNcT+PUv6XdpREiC6LhnxEf5QFZnGcn1f/ew2PNyti2B/GWVoa9yK/c
         7Vz/MtkRreSEW4KaeCKoCeAObMruW27cB6tZlHPg=

and Authentication-Results:

Authentication-Results: v2.bluepopcorn.net; dkim=pass
        reason="1024-bit key; unprotected key"
        header.d=bluepopcorn.net header.i=_at_bluepopcorn.net
        header.b=WwWpOCSI; dkim-adsp=pass; dkim-atps=neutral


Any ideas?

-Jim
Received on Tue Aug 30 2016 - 23:41:59 PST

This archive was generated by hypermail 2.3.0 : Tue Aug 30 2016 - 23:54:01 PST