Dave Crocker wrote:
We have agreed to the addition of an enhancement that provides a good
alternative to the existing set of two algorithms.
That is quite different from tossing out over-the-wire backward
compatibility.
I have not seen the group agree that a sender of an (ESTG) DKIMv1
signature will fail with an (IETF) DKIMv2 validator.
Dave,
'nowsp' canonicalization does not exist in "DKIMv2" (-base-01). It was
eliminated, rather than deprecated, because it created a vulnerability.
While some -base-01 verifiers may implement legacy nowsp support, a
fully compliant -base-01 verifier may not work with a -base-00 signature
that uses nowsp canonicalization.
-Jim
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf