On Wed, Mar 22, 2006 at 10:01:27PM -0600, Arvel Hathcock allegedly wrote:
> Would it be possible/wise to just not do this incompatible change when
> signing with sha1? Since we are not going to recommend sha1 as the hash

That could work of course, but I don't think it's an ideal way of
doing it in such a new protocol as that approach effectively makes the
algorithm choice a surrogate version.

    if a=rsa1 then interpret rest of content in this way
    if a!=rsa1 then interpret rest of content in another way

Six months down the road we have the same discussion about some other
compatibility issue and someone suggests that an l=-1 (just as an
example) might suffice to indicate the old way of doing things. Then
you have:

    if a=rsa1 and l=-1 then interpret rest of content in way One
    if a=rsa1 and l!=-1 then interpret rest of content in way Two
    if a!=rsa1 and l=-1 then interpret rest of content in way Three
    if a!=rsa1 and l!=-1 then interpret rest of content in way Four

etc, etc.

It's not clear to me that DKIM has so much inertia that we need to
accrete this sort of contortion yet.

Mark.