Insecure key/policy?

From: Tanguy Ortolo <>
Date: Mon, 28 Mar 2011 16:13:27 +0200


I have noticed some “insecure key” and “insecure policy” in my
Authentication-Results headers. This is what I found in
       InsecureKey (string)
              Instructs the filter to treat a passing signature associated with an insecure key in a
              special way. Possible values are neutral (return a "neutral" result), none (take no spe‐
              cial action; this is the default) and fail (return a "fail" result).

       InsecurePolicy (string)
              Instructs the filter to treat an ADSP policy found in an insecure DNS record in a special
              way. Possible values are apply (apply the policy; this is the default) and ignore
              (ignore the policy).

However, I could not find what was an insecure key and an insecure DNS
record. Grepping the source code, I guess that this means that the key
or the policy DNS record is not DNSSEC'ed. If this is right, may I
prepare a patch against the manpage?

Tanguy Ortolo

Received on Mon Mar 28 2011 - 14:13:46 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:16 PST