John Levine wrote:

The other alternative to squeezing bits in a DNS record is providing a
redirect to another service.

Sure, but now you have the extra cost of another transaction. If you're
going to do that, you might as well invent another q= lookup scheme,
probably via HTTP, and use it directly.

Right... this is really where I was aiming.

It seems to me that since DKIM signatures are expected to have short
lifetimes and to have only moderate value, and that we've established
quite thoroughly that there is not yet an obvious successor to SHA-1,
it would be OK simply to note that we'll need something more secure in
the future and leave it at that.

How many times do you want to do this?!