On 04/25/2011 01:57 PM, Barry Leiba wrote: > Dave further tweaks: > >> INFORMATIVE NOTE: Although use of rsa-sha256 is strongly encouraged, >> some senders might prefer to use rsa-sha1 when balancing security >> strength against performance, complexity, or other needs. However, >> compliant verifiers might not implement rsa-sha1; they will treat >> such messages as unsigned. >> > WFM. >
This seems rather extreme. Last thing I've heard is that SHA1 has been shown to have a weakness, but it hasn't been broken. Given that we're using unsecured DNS to deliver public keys, this seems a like a hysterical overreaction. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
