Hi Murray,
At 11:24 12-01-11, Murray S. Kucherawy wrote:
If an "a=rsa-sha1" message matching a "h=sha1" key fails for reasons
other than the usual things that cause a signature to fail (i.e.
alteration in transit or mismatched keys), I'd say the verifier is
doing something that looks a lot like breakage to me.
My reading of Brett's message is that the specification is
unclear. There is the following informative note in Section 3.3:
INFORMATIVE NOTE: Although sha256 is strongly encouraged, some
senders of low-security messages (such as routine newsletters) may
prefer to use sha1 because of reduced CPU requirements to compute
a sha1 hash. In general, sha256 should always be used whenever
possible.
You mentioned implementation and policy in a previous message. The
first paragraph of Section 3.3 describes the software requirements
for the DKIM implementation. The second paragraph describes how the
software may be used. I'll use Murray's description and call it
policy. The better fit may be "operations" and how to ensure interoperability.
According to Section 4.1.2 of draft-ietf-dkim-implementation-report-05:
'50.5% of signatures used "rsa-sha1", while the balance
used "rsa-sha256".'
If receivers want to reinterpret the requirements, they may see more
"DKIM failures".
Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html