Eric,
I agree with your analysis, which only leads to the question of whether
or not Assumption 2 is reasonable. I think we have operational
experience that says that it is, but even if it were not, if an
algorithm is broken and people care they will put pressure on their
vendors to provide updates. One can then apply a weighting to various
valid signatures. Furthermore, I claim that in a fast algorithm
transition there otherwise is no neat solution, because one is depending
on the administration of other systems for a transition to complete.
And so going back to Phillip's message:
A message recipient that only supports algorithm A is unable to verify the
signature and determine that it is fake. The recipient is thus unable to
determine that the message is in compliance even though the recipient is
perfectly capable of checking the signature on every legitimate message sent.
In this case, the recipient should discard the signature. Since there
will be no valid signature using algorithm A, the message will be
treated according to SSP. I see no problem, except with short
transitions, since in these proposed circumstances the recipient would be
unlikely to trust the sender's algorithm A, leaving no way for the
recipient to validate the message.
Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
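The verifier behaviour Eliot describes (discard DKIM-Signature headers whose algorithm the recipient does not support, verify the rest, and fall back to the sender's signing practices when nothing verifies) is small enough to write down. The following is an added example, not code from the list discussion or from any DKIM implementation. The header values, the `fake_verify` oracle, and the `SSP` table are constructed stand-ins; real code would fetch the `s._domainkey.d` key and check the `b=` value cryptographically.

```python
"""Signature selection by a DKIM verifier during an algorithm transition.

Added illustration for the thread above (not code from the list or from any
DKIM implementation).  A verifier that supports only "algorithm A" skips
DKIM-Signature headers whose a= tag it does not recognise, verifies the
remaining ones, and if none verifies treats the message as unsigned and
defers to the sender's signing policy (SSP in the thread).  The header
values, the verification oracle and the SSP table are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, Mapping, Optional, Tuple


def parse_tags(header_value: str) -> dict:
    """Parse a DKIM-Signature tag=value list into a dict (folding whitespace dropped)."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed tag: %r" % part)
        tags[name.strip()] = "".join(value.split())
    return tags


@dataclass(frozen=True)
class Verdict:
    status: str                   # "pass" or "unsigned" (consult the sender's policy)
    signer: Optional[str]         # d= of the first signature that verified, if any
    discarded: Tuple[str, ...]    # a= values skipped because this verifier lacks them
    failed: int                   # supported signatures that did not verify


def evaluate(headers: Iterable[str], supported: frozenset,
             verify: Callable[[Mapping[str, str]], bool]) -> Verdict:
    """Apply the discard-then-verify rule over every DKIM-Signature header."""
    discarded, failed, signer = [], 0, None
    for hv in headers:
        tags = parse_tags(hv)
        alg = tags.get("a", "")
        if alg not in supported:
            discarded.append(alg)      # unknown algorithm: neither pass nor fail
            continue
        if verify(tags):
            signer = signer or tags.get("d")
        else:
            failed += 1               # worth logging: a supported signature broke
    if signer is not None:
        return Verdict("pass", signer, tuple(discarded), failed)
    # No verifiable signature: treat as unsigned; the sender's practices decide.
    return Verdict("unsigned", None, tuple(discarded), failed)


def disposition(verdict: Verdict, from_domain: str, ssp: Mapping[str, str]) -> str:
    """Simplified sender-signing-practices lookup (constructed policy values)."""
    if verdict.status == "pass" and verdict.signer == from_domain:
        return "accept"
    practice = ssp.get(from_domain, "unknown")
    return "suspicious" if practice == "all" else "accept-unsigned"


# Constructed stand-in for cryptographic verification: only these b= values
# count as good signatures.  Real code would verify against the DNS key.
GOOD_SIGS = {"VALIDRSAPLACEHOLDER==", "VALIDED25519PLACEHOLDER=="}


def fake_verify(tags: Mapping[str, str]) -> bool:
    return tags.get("b") in GOOD_SIGS


SUPPORTED_A_ONLY = frozenset({"rsa-sha256"})                 # the thread's algorithm A
SUPPORTED_BOTH = frozenset({"rsa-sha256", "ed25519-sha256"})  # after an upgrade
SSP = {"example.com": "all"}   # constructed: example.com says all its mail is signed

# Constructed sample headers (bh= and b= are placeholders, not real hashes).
DUAL_SIGNED = [  # legitimate sender signing with both algorithms during transition
    "v=1; a=ed25519-sha256; d=example.com; s=new; h=from:to; bh=BH; b=VALIDED25519PLACEHOLDER==",
    "v=1; a=rsa-sha256; d=example.com; s=old; h=from:to; bh=BH; b=VALIDRSAPLACEHOLDER==",
]
NEW_ALG_ONLY = [  # only the new algorithm: an A-only verifier cannot judge it
    "v=1; a=ed25519-sha256; d=example.com; s=new; h=from:to; bh=BH; b=VALIDED25519PLACEHOLDER==",
]
BAD_OLD_SIG = [  # supported algorithm, but the signature does not verify
    "v=1; a=rsa-sha256; d=example.com; s=old; h=from:to; bh=BH; b=BOGUS==",
]

if __name__ == "__main__":
    for name, hdrs in [("dual", DUAL_SIGNED), ("new-only", NEW_ALG_ONLY), ("bad-old", BAD_OLD_SIG)]:
        v = evaluate(hdrs, SUPPORTED_A_ONLY, fake_verify)
        print(name, v, "->", disposition(v, "example.com", SSP))
```

The point of the `discarded` versus `failed` split is operational: an unsupported algorithm is a capability gap on the receiving side and is not a signature failure, so it should be logged separately rather than counted against the sender. The same message that an A-only verifier hands to policy verifies cleanly once `ed25519-sha256` is added to `supported`, which is the transition Eliot describes.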