I've started looking at updating dkimpy to align to the current versions of the specification.
Last time I looked at this particular issue, ARC could use any algorithm that DKIM uses. As I recall, that was once of the stimuli for the DCRUP working group (to avoid having rsa-sha1 be valid for ARC by obsoleting it in DKIM). It looks like this discussion has been moved to a new draft, https://tools.ietf.org/html/draft-ietf-dmarc-arc-multi-01 (although the reference is wrong, https://tools.ietf.org/html/draft-ietf-dmarc-arc-multi-02 is current. Unfortunately, I don't find any actual guidance on what algorithms are currently used. Secion 6, Phases of Algorithm Evolution, gives some process (which seriously needs revision - I thought we all knew flag days don't work at Internet scale), but no actual guidance. DKIM, as updated by the DCRUP work, has two valid crypto algorithms: rsa-sha256 ed25119-sha256 One has been obsoleted: rsa-sha1 Which among those is valid for ARC and how do I know? Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
