This protection depends upon a means for the signer to assert which
algorithm is deprecated, and what shiny new algorithm is being offered.
Wearing, as usual, my receiver hat, I still don't see any reason to be
interested in random senders' opinions about the relative merits of
various algorithms.
Like I said before, let's say someone publishes SSP saying sha256 is
deprecated and rot13 is shiny and new. What should I do with that info?
Assuming we agree that it's stupid and I should ignore it, how am I
supposed to tell stupid deprecation advice from non-stupid deprecation
advice?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html