Regarding the use of sha1 vs. sha256, I did a search of messages I've
collected in the past few years that have dkim signatures.
2008 rsa-sha1 1016
2008 rsa-sha256 1525
2009 rsa-sha1 1983
2009 rsa-sha256 1932
These are just messages that have arrived in my inbox. It's just a data
Regarding Steve Atkin's suggested reworded text:
"Verifiers MUST support rsa-sha256 and MAY support rsa-sha1.
Signers SHOULD sign using rsa-sha256 and SHOULD NOT sign using
rsa-sha1." might provide enough wiggle room to allow existing code
time to migrate away from SHA1.
I'm not sure we can downgrade verifier support for sha1. However, I
definitely agree that we could downgrade signing support for sha1.
NOTE WELL: This list operates according to