On Tue, Feb 28, 2006 at 11:06:35AM -0800, Jim Fenton allegedly wrote:
I don't recall anyone suggesting that we require signers to do multiple
signatures (at least, I wasn't suggesting that). In any case, I agree
with your statement.
But surely at some point, if not at the beginning, they will have to,
won't they?
Say, eg, SHA-4096 comes along and is ordained as the preferred hash in
some future DKIM. A signer adopting SHA-4096, will need to continue to
additionally sign with the older hashes as long as they believe some
recipients may not have upgraded to verify SHA-4096.
That comes back to the point that Ned et al made perhaps a week ago,
if we know that transition will occur at some point in the future,
leaving that code unexercised until then is surely a recipe for
disaster.
I'm all for supporting multiple signatures in the first DKIM standard
simply to give us some chance of avoiding that disaster. That way I
can configure a subset of my outbound to generate two signatures using
different hashes, just to catch bugs in the early stages of
deployment.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html