Hi Brett,

At 14:33 11-01-11, McDowell, Brett wrote:
>RFC 4871 states:
>
> > h= Acceptable hash algorithms (plain-text; OPTIONAL, defaults to
> > allowing all algorithms). A colon-separated list of hash
> > algorithms that might be used. Signers and Verifiers MUST
> > support the "sha256" hash algorithm. Verifiers MUST also support
> > the "sha1" hash algorithm.
>
>We have a DKIM-signed mail stream that is "passing" with Receiver1
>but failing with Receiver2 and it's Receiver2 who has a "new"
>interpretation of the requirement above. Here are the two
>interpretations, please let me know which is generally considered
>correct (or if both are wrong):

You can DKIM sign with SHA1 or SHA256 as the verifier supports both.
Your DKIM signing implementation has to implement SHA256. If the DKIM
verifier sees a DKIM-Signature using SHA1 while the DKIM signer
publishes h= sha256, see Section 6.1.2, step 7.

Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
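
The verifier-side check of RFC 4871 Section 6.1.2, step 7, as an added example that is not part of the original message or of any DKIM implementation. The function names, header values and key records are constructed for illustration; only the a= and h= tags are inspected, and no signature is verified.

```python
import re

def parse_tag_list(text):
    """Parse a DKIM tag-list ("tag=value; tag=value") into a dict."""
    tags = {}
    for spec in text.split(";"):
        if not spec.strip():
            continue  # a trailing ";" is allowed
        name, sep, value = spec.partition("=")  # base64 values may contain "="
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag-spec: {spec!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Whitespace is stripped here; that is safe for the a= and h= tags
        # this example reads, not for every DKIM tag.
        tags[name] = re.sub(r"\s+", "", value)
    return tags

def check_key_hash(signature_tags, key_record):
    """Compare the hash implied by the signature a= with the key record h=."""
    sig = parse_tag_list(signature_tags)
    key = parse_tag_list(key_record)
    _, _, sig_hash = sig.get("a", "").partition("-")  # "rsa-sha1" -> "sha1"
    if not sig_hash:
        raise ValueError("signature has no usable a= tag")
    if "h" not in key:
        # h= is OPTIONAL and defaults to allowing all algorithms.
        return True, "no h= in key record"
    allowed = [h for h in key["h"].split(":") if h]
    if sig_hash not in allowed:
        # Step 7: ignore the key record and report a permanent failure.
        return False, "PERMFAIL (inappropriate hash algorithm)"
    return True, f"{sig_hash} listed in key record h="

# Constructed sample inputs (placeholders, not real signatures or keys).
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel1; bh=CONSTRUCTED=; b=CONSTRUCTED=="
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel1; bh=CONSTRUCTED=; b=CONSTRUCTED=="
KEY_SHA256_ONLY = "v=DKIM1; k=rsa; h=sha256; p=CONSTRUCTED"
KEY_NO_H = "v=DKIM1; k=rsa; p=CONSTRUCTED"

if __name__ == "__main__":
    for sig in (SIG_SHA1, SIG_SHA256):
        for key in (KEY_SHA256_ONLY, KEY_NO_H):
            print(parse_tag_list(sig)["a"], "|", key, "->", check_key_hash(sig, key))
```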
