Hallam-Baker, Phillip wrote:
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Mark Delany
Me three. As a long-time implementor I suck at getting
un-exercised code right. I'd much prefer agility to be
essential to a day one deployment, as it'll otherwise never work.
The only downside is that this does render the legacy base obsolete. But
this is probably not such a great hardship. It might even be a benefit
as people are more likely to upgrade for higher security.
The only concern I have here is if moving to SHA 256 might create
problems with crypto acceleration hardware. I don't think it should, the
hash is usually done on thehost processor rather than the cryptobox, but
I would be happier if folk could confirm that this is the case.
I'm not a hardware geek, but I really don't think that DKIM
is likely to be destined for hardware accelaration any time
soon. And if it is, it's very likely to be last in line with
all of the other protocols who are likely to be stampeding
toward SHA-256. Like, oh say, TLS and IPsec.
NOTE WELL: This list operates according to