Michael Thomas wrote:
been deprecated. To permit a graceful transition, both the deprecated
algorithm (whatever that might be) and some shiny new algorithm must
now be included with the message. Once your verifier adopts the shiny
[ Two valid signatures in the message ]
Wasn't this always the transition plan? The only crucial point is that
the Selector associated with the "weaker" signature has to tell the
verifier to expect the presence of "stronger" signature.
If the verifier doesn't understand the "stronger/newer" signature or
can't find it, then it has a risk decision to make about the weaker
verification. Selector-embedded SSP could give guidance to local policy
here.
At least I can see the potential issue here.
With the solution or the problem?
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html