Hi Hector, I don't feel strongly about the change.
At 22:59 11-04-2011, Hector Santos wrote: >But the domain must not lie, which was one of the OP's concern, so I >think additional text to require the signer to use one of the h= specified. Adding text in RFCs to prevent lies doesn't usually solve problems. :-) >Overall, my suggestion for the text would be something like: > > h= A colon-separated list of hash algorithms that might be used > as acceptable hash algorithms. (plain-text; OPTIONAL, > defaults to allowing only standard registered algorithms). > > When signing mail, the signer MUST use one of the h= methods > explicitly specified or implicitly using one the default > standard registered hash algorithms. > > Verifiers not recognizing a hash algorithm or does not > match a= value MUST invalidate the signature. The key in the text proposed earlier is "operational choice" (see what Tony suggested). It is a fix that does not introduce any requirements. The text proposed earlier takes into account what is stated in other sections of draft-ietf-dkim-rfc4871bis-05. Regards, -sm _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
