Tony Hansen wrote:
Yeah, me too. Same conclusion, and same assumption.
Tony Hansen
tony(_at_)att(_dot_)com
Arvel Hathcock wrote:
In that case I would suggest that we make SHA256 a MUST support for
signature verifiers and a SHOULD for signature generators.
SHA-1 should probably also be a MUST for verifiers and a SHOULD for
signers.
For the record, I'm fine with this. I "felt a disturbance in the Force"
so our implementation and library on sourceforge is already capable
here. The only assumption I made was that the tag would end up being
a=rsa-sha256.
Just as a practical note, openssl requires -0.98 which gives me a
slight bit of pause given problems in -0.97. Somebody better in
the know can tell me how mature -0.98 is...
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html