So receipt of a message signed in the new form will likely produce an
incorrect signature validation, ...

I wondered about that, too, so before I proposed a version bump, I took a look at the code that people use:

* Murray's opendkim C library: checks that the version is 0.5 or 1, fails otherwise. That's the code in the milters that sendmail and postfix use, and I believe it's the library that everyone else with custom C code (including me) uses or adapts. It replaces the older libdkim.

* Jason Long's Perl Mail::DKIM: checks that the version is 0.5 or 1; will accept no v= at all for backward compatibility with DK, but not other v= values. This is what SpamAssassin uses.

* Scott K's dkimpy: checks that the version is 0.5 or 1.

A version bump appears unlikely to produce an incorrect signature validation unless there are other libraries in active use that ignored the spec that says to check the version number.

I suppose I could try sending v=2 signatures to my Yahoo and Gmail and Hotmail accounts to see what their trace headers say, but I'd be pretty surprised if they got it wrong.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
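
The version gate described in the message above, as an added example that is not part of the original message and is not code from opendkim, Mail::DKIM or dkimpy: a verifier parses the DKIM-Signature tag list and refuses any v= it does not know before it looks at hashes, so a v=2 signature is rejected rather than validated incorrectly. The function names, the `allow_missing_v` switch (modelling the no-v= leniency the message attributes to Mail::DKIM) and the sample header values are assumptions constructed for illustration.

```python
import re

# Versions the message reports the surveyed libraries as accepting.
ACCEPTED_VERSIONS = {"0.5", "1"}

# Constructed DKIM-Signature header values (not real signatures).
SAMPLES = {
    "v1": "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to; "
          "bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=",
    "v2": "v=2; a=rsa-sha256; d=example.com; s=sel; h=from:to; "
          "bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=",
    "no_v": "a=rsa-sha256; d=example.com; s=sel; h=from:to; "
            "bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=",
}


def parse_tag_list(value):
    """Parse a tag=value list into a dict, rejecting malformed or duplicate tags."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate a trailing semicolon
        # Split on the first '=' only: base64 values may end in '=' padding.
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {item.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags


def version_gate(header_value, allow_missing_v=False):
    """Return 'proceed' if hash checks may run, else 'reject: <reason>'."""
    try:
        tags = parse_tag_list(header_value)
    except ValueError as exc:
        return f"reject: {exc}"
    version = tags.get("v")
    if version is None:
        return "proceed" if allow_missing_v else "reject: missing v="
    if version not in ACCEPTED_VERSIONS:
        return f"reject: unsupported version {version}"
    return "proceed"


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", version_gate(header))
```

The duplicate-tag check matters here: without it, a header carrying both v=1 and v=2 would be judged by whichever tag the parser happened to keep.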
