Hi Brett,
At 14:33 11-01-11, McDowell, Brett wrote:
RFC 4871 states:
h= Acceptable hash algorithms (plain-text; OPTIONAL, defaults to
allowing all algorithms). A colon-separated list of hash
algorithms that might be used. Signers and Verifiers MUST
support the "sha256" hash algorithm. Verifiers MUST also support
the "sha1" hash algorithm.
We have a DKIM-signed mail stream that is "passing" with Receiver1
but failing with Receiver2 and it's Receiver2 who has a "new"
interpretation of the requirement above. Here are the two
interpretations, please let me know which is generally considered
correct (or if both are wrong):
You can DKIM sign with SHA1 or SHA256 as the verifier supports
both. Your DKIM signing implementation has to implement SHA256.
If the DKIM verifier sees a DKIM-Signature using SHA1 while the DKIM
signer publishes h=sha256, see Section 6.1.2, step 7.
Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
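
The check in RFC 4871 Section 6.1.2, step 7, that the reply points to, written out as an added example (not part of the original message and not code from any DKIM implementation). The function names, the sample signature and key record values, and the `<placeholder>` key data are constructed for illustration.

```python
# Added example: compare the hash implied by the signature's a= tag
# with the h= list in the signer's published key record.

def parse_tag_list(text):
    """Parse a DKIM tag=value list into a dict, dropping whitespace in values."""
    tags = {}
    for part in text.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = "".join(value.split())
    return tags


def check_hash_allowed(signature_header, key_record):
    """Return (ok, reason) for the key record h= check only."""
    sig = parse_tag_list(signature_header)
    key = parse_tag_list(key_record)

    algorithm = sig.get("a", "")
    if "-" not in algorithm:
        return (False, "PERMFAIL (signature missing required tag)")
    signature_hash = algorithm.split("-", 1)[1]   # "rsa-sha1" -> "sha1"

    # h= is OPTIONAL in the key record; when absent, all algorithms are allowed.
    if "h" not in key:
        return (True, None)

    allowed = set(key["h"].split(":"))            # colon-separated list
    if signature_hash not in allowed:
        # The verifier ignores this key record and reports a permanent failure.
        return (False, "PERMFAIL (inappropriate hash algorithm)")
    return (True, None)


# Constructed sample data.
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel1; bh=<placeholder>; b=<placeholder>"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel1; bh=<placeholder>; b=<placeholder>"
KEY_SHA256_ONLY = "v=DKIM1; h=sha256; k=rsa; p=<placeholder>"
KEY_BOTH = "v=DKIM1; h=sha1 : sha256; k=rsa; p=<placeholder>"
KEY_NO_H = "v=DKIM1; k=rsa; p=<placeholder>"

if __name__ == "__main__":
    for sig in (SIG_SHA1, SIG_SHA256):
        for key in (KEY_SHA256_ONLY, KEY_BOTH, KEY_NO_H):
            print(parse_tag_list(sig)["a"], "|", key, "->", check_hash_allowed(sig, key))
```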