On Feb 20, 2006, at 12:49 PM, Tony Hansen wrote:
We allow extra options to be specified in a DKIM-Signature header,
but do not allow extra options to be specified in a DKIM TXT
record. (I don't recall this being discussed before, but just may
not remember it.) Should we? If not, how would we do upwardly-
compatible changes without requiring multiple DNS entries for both
an old and new entry.
DKIM should specify a binary structure used with the CERT RR. This
RR already offers fields defining the critical hash algorithm, for
example. By just specifying the hash used in signature header, once
a hash algorithm is later discovered compromised, there is no means
to keep bad actors from using this compromised hash algorithm for
spoofing messages. It would appear the DKIM draft is not ready.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html