On Thu, 21 Dec 2017, at 17:12, Murray S. Kucherawy wrote: > On Wed, Dec 20, 2017 at 4:39 PM, Brandon Long > <[email protected]> wrote:>> >> I think algorithm rotation is more challenging for ARC than it is for >> DKIM, since with DKIM you can just sign with both... but for ARC, >> there's a chain of signers and the you have to handle links not being >> able to verify intermediate states in the other algorithm.>> > > If the group concurs, then it would seem this section needs quite a > bit more development. Who's up for proposing text? I certainly concur with Brandon here - changing ARC algorithm looks like a very messy proposition, I expect you'd pretty much have to do a window where both the old and new algorithm were supported - with a dealine where the old algorithm gets treated like a broken link. It's probably a strong reason to MUST that every implementation support signing and verifying at least two currently presumed strong algorithms at the start, so if one is found wanting we can immediately deprecate it and everyone can just turn on the other algorithm in their software configuration. Bron.
-- Bron Gondwana, CEO, FastMail Pty Ltd [email protected]
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
