If you mean to just require that and not actually list the algorithms,
the verifier would have no way of determining what algorithms the signer
uses, without a list of all its selector names.
If you mean to list the algorithms, isn't that what Phill is proposing?
-Jim
John Levine wrote:
Every protocol with algorithm agility but not a fixed list of "MUST
implement" algorithms has this issue.
Is there any reason that SSP couldn't require that anyone who makes a
statement that he signs messages must sign with all the signature algs
he supports?
This would be an SSP MUST, not a DKIM MUST.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html