Without this feature, people may soon find their inbox flooded by
bogus messages indicating the use of a new algorithm, which could have
been mitigated extensively by having the key feature.
As opposed to what? What would you expect a verifier or assessor to do if the
hash used to sign was not in the key's approved hash list? Wouldn't it get
delivered anyway, but perhaps with a slightly different annotation?
I don't see any value here other than disabling verification using a
known-compromised hash algorithm. But even that wouldn't inhibit delivery,
only change annotation.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html