Section 3.3 has the phrase

   Verifiers MUST implement rsa-sha256

Implementers will understand that they can get away with a verifier
that does not implement rsa-sha1. Their verifier would then return
PERMFAIL for the sha1-signed newsletter in the following informative
note. I suggest clarifying this as follows:

   INFORMATIVE NOTE: Although sha256 is strongly encouraged, some
   senders of low-security messages (such as routine newsletters) may
   prefer to use sha1 because of reduced CPU requirements to compute
   a sha1 hash. MTAs whose verifiers don't implement rsa-sha1 will
   treat these messages as if they were not signed. In general,
   sha256 should always be used whenever possible.

See also http://mipassoc.org/pipermail/ietf-dkim/2011q1/015464.html
(which was written at a time when verifiers were mandated to implement
both sha digests.) This change is meant to prevent that kind of
misunderstanding.
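
The two verifier behaviours contrasted in the message above, as an added example (not part of the original post and not code from any DKIM implementation): a verifier that implements only rsa-sha256 meets a sha1-signed message and either returns PERMFAIL or treats the message as if it were not signed. The function names, the `unsupported_is_permfail` switch and the header values are assumptions constructed for illustration.

```python
# Added example: constructed header values, not taken from the original message.
NEWSLETTER = ("v=1; a=rsa-sha1; d=news.example; s=sel1;\r\n"
              "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
RECEIPT = "v=1; a=rsa-sha256; d=shop.example; s=sel2; h=from; bh=PLACEHOLDER; b=PLACEHOLDER"


def parse_tag_list(value):
    """Split a DKIM-Signature value into {tag: value}, unfolding whitespace."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate the optional trailing ';'
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % item)
        tags[name] = " ".join(val.split())
    return tags


def dispatch(value, implemented, unsupported_is_permfail):
    """Decide what a verifier does with one signature before any hashing.

    Returns 'verify' (algorithm implemented, go on to the crypto check),
    'ignored' (treated as if the signature were absent) or 'permfail'.
    """
    try:
        algorithm = parse_tag_list(value).get("a")
    except ValueError:
        return "permfail"
    if algorithm is None:
        return "permfail"  # a= is a required tag
    if algorithm in implemented:
        return "verify"
    return "permfail" if unsupported_is_permfail else "ignored"


def message_result(values, implemented, unsupported_is_permfail):
    """Message-level view: 'none' means handled as an unsigned message."""
    outcomes = [dispatch(v, implemented, unsupported_is_permfail) for v in values]
    if "verify" in outcomes:
        return "verify"
    if "permfail" in outcomes:
        return "permfail"
    return "none"
```
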