On Mon, Jan 23, 2017 at 7:49 AM, John Levine <[email protected]> wrote:
> > The first is that ARC says that keys SHOULD be 2K and MUST be at least > 1K. > OK, I'm convinced. I'll add that info in and also update the usage doc with additional explanation. > This suggests a tweak to the ARC spec that we should make anyway. The > way you do an algorithm migration, like the one we did from rsa-sha1 > to rsa-sha256 is to put two signatures on the message for a while, one > with the old algorithm and one with the new one. So a validator > ignores signatures with algorithms it doesn't understand, and if there > are two valid signatures with the same i=N using different algorithms, > just pick one. > This sounds like something that we should definitely add so that there is clarity, but it does add a situation where cv=unknown might happen if the previous step only signed with an algorithm that was not understood. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
