TXT RR tags
h: Acceptable hash algorithms
The spec needs to define the supported set of hash algorithms. There
may be some value in a signer being able to state that they're using
an algorithm that isn't supported, perhaps.
But unless there is a viable attack such that an attacker can craft a
message that validates correctly against the domain owner public key
using a hash supported by the spec (sha1 or sha256), without access
to the domain owners private key, then there's no need for this to be in
the TXT record.
I agree that there's no need for that to be in a TXT record.
If a site wanted to revoke instantly any signature previously generated with
rsa-craphash, couldn't it just revoke its old keys and generate new keys, and
begin signing with rsa-goodhash?
What's the advantage of having a mechanism to disallow future verifications
using a particular hash without just changing the keys you're using? Both
times you have to touch DNS and reconfigure your signers, so I don't see that
leaving "h=" in there gives you anything you can't already do some other way.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html