The new rev 07 text has:
INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged, some
senders of low-security messages (such as routine newsletters) may
prefer to use rsa-sha1 because of reduced CPU requirements to
compute a SHA1 hash. MTAs with compliant verifierst that do not
implement rsa-sha1 will treat such messages as unsigned. {DKIM 13}
In general, rsa-sha256 should always be used whenever possible.
First, there a typo with "verifierst" word, but I would like to
proposed a modified text:
INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged
and in general, should always be used whenever possible, some
senders may prefer to use rsa-sha1 when balancing higher security
strength versus reducing CPU-bound signed mail loads. Compliant
Verifiers may not implement rsa-sha1 and will treat such messages
as unsigned.
Reasoning: A routine could be anything commonly done and it may
include a high strength requirement as the spec strongly encourages
and recommends should always be used in general. So IMO, it may help
to be more general by removing the "routine newsletter" example and
the connotation any "routine" mail stream is any less secured
(low-security).
--
Hector Santos, CTO
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html