From 33e2114339219e0947ccb50ffb2b9f00edaa83c1 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Fri, 1 Nov 2019 17:52:10 +0100
Subject: DKIM: clarify policy for dedicated DKIM key material.

---
 e-post/doman.mdwn | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn
index 2a5831b..b7b8543 100644
--- a/e-post/doman.mdwn
+++ b/e-post/doman.mdwn
@@ -168,8 +168,12 @@ receiver's mail client  might emphasize that your messages are signed by
 Fripost's key and not your own
 (GMail [surely does](https://support.google.com/mail/answer/1311182), for
 instance).  This doesn't really disclose anything as our domain can be
-found in the mail header anyway, but if you prefer to have your own key
-drop us a line, we will find something out.
+found in the mail header anyway, but feel free to drop us a line if you
+prefer to have a dedicated key pair for your domain.
+(In that case we'll generate the key material ourselves, and
+[*publish*](https://git.fripost.org/fripost-ansible/tree/certs/dkim) its
+public part, as well as the signing domain identifier and selector used
+in the `DKIM-Signature` header field.)
 
 Should I publish a SPF (Sender Policy Framework) record for my domain?
 ----------------------------------------------------------------------
-- 
cgit v1.2.3