-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <[email protected]>, Michael Thomas <[email protected]> writes
> If we could upgrade parts we'd like to upgrade but keep it within > the DKIM umbrella, it would be just an upgrade not a new > deployment. That is generally easier than asking the community to > deploy something new. DKIM generally sits inside of libraries, so the impact on the systems that call those libraries is relatively limited Note that for some definitions of community (specifically the people who own domains and use some system or service to send mail that they didn't develop themselves) there is no impact because they just keep on publishing DKIM keys as before > There is something of an advantage of writing > one DKIM-Signature instead of two or more since signing is the > expensive operation. Having some new tags and/or new headers to > sign is pretty trivial in comparison to rolling out something > "new". No !! ... the expensive operation is checking signatures since "much" email contains two DKIM1 signatures and "some" email contains dozens (sometimes hundreds) of DKIM1 signatures. You will note that the proposed DKIM2 scheme requires the receiver to check one signature only if the email arrives direct from the sender and just two in every other case.... ... so having a flow where one is able to ignore DKIM1 altogether and work with just DKIM2 (where options that no-one uses are removed and over-signing is eluded out) simplifies code bases considerably (and at the billions scale we do not heat up the planet so much). In the short term I expect that senders will sign with both DKIM1 and DKIM2 but since 90% (or whatever it is) of the world's mailboxes will be accepting DKIM2 as early adopters (because of the gains it gives them) it would make sense (and save power) to skip the DKIM1 signature on a per recipient basis. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBZ3vBqWHfC/FfW545EQLaoACfSmO2/sN0JiDbSPd3ds+O+sOnjMYAmwfr 6h6TOBibQJ86IJFlYJpjyR6v =6aCT -----END PGP SIGNATURE----- _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
