> I guess the main argument for the MUST on sha-256 would be to
> encourage moving away from sha-1 before there's much wider DKIM
> deployment.
A MUST would more than encourage, it would require :)
Isn't SHA-1 sufficient since it (a) isn't broken (b) is the least
computationally taxing (I assume) and (c) provides sufficient protection
for our use (we aren't protecting files full of credit card numbers with
DKIM).
--
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html