[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
> So double signing gives compatibility without better strength, but with
> lots more overhead. In other words, I do not see the upside of the
> double signature.

With SHA1/256 I absolutely agree. A second sig adds no value at all.
Particularly since RSA1024 is weaker than SHA1.
When we start introducing the replacement signature algorithm, which will
at the very least entail the use of a digest algorithm that is currently
unknown and quite likely an unknown signature algorithm, the use of
double signatures is the only way to realistically deploy the system.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html