The code that knows to dispatch to v=2 can, just as easily, parse for the
strings associated with the new features.
True, but not very interesting. In my spamassassin example, the outside
code knows nothing about DKIM versions, it just sees a dkim-signature
header and sends it to the DKIM library.
The point of a v=2 flag is to ensure that old v=1 code doesn't
accidentally misinterpret new features. In my example, I made a semantic
change: in v=1 DKIM, verifiers ignore tags they don't understand. In v=2,
there's a new tag type that fails if a verifier can't handle it. The new
tags have new syntax that, in an ideal world, would make v=1 verifiers
fail with a syntax error, but we all know that parse errors are often not
well debugged. I did look at a bunch of DKIM libraries and they all check
for v=1 and fail if they don't find it.
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Please consider the environment before reading this e-mail. https://jl.ly
NOTE WELL: This list operates according to