> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Barry Leiba
> Sent: Monday, April 25, 2011 1:37 PM
> To: Murray S. Kucherawy
> Cc: [email protected]
> Subject: Re: [ietf-dkim] Issue: Section 4.3 Hash method Note
>
> Actually, with one important correction (below), I like Hector's text
> better. I do think the attempt at a concrete example is a red
> herring, and I prefer a more abstract statement. For that matter, I
> even think the "CPU-bound" part is too specific, so I'll offer a small
> tweak.
>
> The important correction is to change "may", which could be
> interpreted as RFC 2119 language, to something else ("might", say).
> That's particularly significant in "verifiers may not implement",
> which might be incorrectly read as "verifiers MUST NOT implement", or
> some such. It's easy to avoid that.
>
> My suggestion:
> INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged
> and should, in general, be used whenever possible, some
> senders might prefer to use rsa-sha1 when balancing security
> strength against performance, complexity, or other needs.
> Compliant verifiers might not implement rsa-sha1, and they will
> treat such messages as unsigned.

You're right, I'd missed the "may" use, and "might" is better. The tracker's still down, but I'll reopen that issue (#13) for the next version and cite this suggested text.
