Hi Hector,

I don't feel strongly about the change.

At 22:59 11-04-2011, Hector Santos wrote:
> But the domain must not lie, which was one of the OP's concerns, so I
> think additional text to require the signer to use one of the h= specified.

Adding text in RFCs to prevent lies doesn't usually solve problems. :-)

> Overall, my suggestion for the text would be something like:
>
>    h= A colon-separated list of hash algorithms that might be used
>       as acceptable hash algorithms. (plain-text; OPTIONAL,
>       defaults to allowing only standard registered algorithms).
>       When signing mail, the signer MUST use one of the h= methods
>       explicitly specified or implicitly using one of the default
>       standard registered hash algorithms.
>       Verifiers not recognizing a hash algorithm or does not
>       match a= value MUST invalidate the signature.

The key in the text proposed earlier is "operational choice" (see
what Tony suggested). It is a fix that does not introduce any
requirements. The text proposed earlier takes into account what is
stated in other sections of draft-ietf-dkim-rfc4871bis-05.

Regards,
-sm
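
The verifier-side check discussed in this message, sketched as an added example that is not part of the original e-mail or of the draft: the hash named in the signature's a= tag is compared with the key record's h= list. The function names and sample records are constructed, and treating an absent h= as "no restriction" is an assumption of this example.

```python
# Added example: compare a DKIM-Signature a= tag with the key record's h= tag.
# All records used with these functions are constructed, not real DNS data.

def parse_tags(record):
    """Parse a DKIM tag=value list ('k=rsa; h=sha256; p=...') into a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = "".join(value.split())  # drop folding whitespace
    return tags

def hash_allowed(key_record, signature, known=("sha1", "sha256")):
    """Return (ok, reason) for the signature's hash against the key's h=."""
    key = parse_tags(key_record)
    sig = parse_tags(signature)
    # a= has the form <key-type>-<hash>, for example rsa-sha256.
    _, sep, sig_hash = sig.get("a", "").partition("-")
    if not sep or sig_hash not in known:
        return False, "unrecognized signature algorithm"
    # Note: h= in the key record lists hashes; h= in the signature lists
    # signed header fields. Only the key record's h= is consulted here.
    if "h" not in key:
        return True, "h= absent, no restriction (assumption)"
    allowed = [h for h in key["h"].split(":") if h]
    if sig_hash not in allowed:
        return False, "inappropriate hash algorithm"
    return True, "ok"

if __name__ == "__main__":
    key = "v=DKIM1; k=rsa; h=sha256; p=AAAA"  # constructed key record
    for a in ("rsa-sha256", "rsa-sha1", "rsa-md5"):
        sig = f"v=1; a={a}; d=example.com; s=sel; h=from:to:subject"
        print(a, hash_allowed(key, sig))
```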