> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Crocker
> So double signing gives compatibility without better > strength, but with lots > more overhead. In other words, I do not see the upside of > the double signature. With SHA1/256 I absolutely agree. A second sig adds no value at all. Particularly since RSA1024 is weaker than SHA1. When we start introducing the replacement signature algorithm which will at the very least entail the use of a digest algorithm that is currently unknown and quite likely an unknown signature algorithm the use of double signatures is the only way to realistically deploy the system. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
