On Friday, November 02, 2018 07:56:21 AM John Levine wrote: > In article <9957335.dUWMaE32Bo@kitterma-e6430> you write: > >Does it have to be any harder than that? > > I hope not but it's still not backward compatible so it's not really any > better. > > With the current spec, if you have two AMS or AS with the same i= > that's invalid, so if you start putting both rsa and ed25519 seals, > old verifiers will probably fail. It'd be interesting to mock up > dual seals, send them to Gmail et al, and see what they think. > > I suppose we could invent new headers EAMS and EAS and EAAR for the second > and later version of seals, but ugh.
I agree having data would help a lot here. We're starting from different assumptions and there's no way to know which is better without data. I am assuming that ARC implementations have the DKIM like property of ignoring signatures signed using algorithms they don't implement. I don't know if that's a correct assumption or not. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
