Ned,
The problem here isn't that someone could configure the use of some random
signature algorithm and still remain compliant, but rather that someone can
write an implementation which supports generation of neither SHA-1 nor
SHA-256 signatures and still be compliant. As such, I suggest making support
for SHA-256 on generation a MUST and SHA-1 a SHOULD. Both SHA-1 and SHA-256
need to be a MUST for verifiers.
I am not sure whether your text covers the point I want to pursue, in this note.
Since I think it is a core requirement, I want to make this explicit:
A signer needs to have at least one algorithm that I can use that they can be
positive will supported by *all* validators.
Whether there is only one and whether it is "preferred" are separate issues, to
me.
That's why I distinguished between "MUST support" vs. "SHOULD use".
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html