When the body of the message has an open-ended length, the number of
attempts to produce a collision might be within what now seems like a
small number of attempts.
If SHA256 is that weak, we have worse problems than spoofed DKIM messages.
Fortunately, nobody I know in the crypto community thinks that it is.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html