On Fri 20/Jun/2014 03:34:42 +0200 Murray S. Kucherawy wrote:
>
> Actually I think I agree with most or all of that.  My concern has to
> do with where a DKIM neophyte goes to get a complete description of
> DKIM.  If we do what your draft proposes, then the complete definition
> will lie in no less than two documents, plus any that register
> extension tags or values.  So what I'm uncomfortable with is a v=2
> document that is nothing more than a changes-since-v=1.

As I understand it, the reason we'd like to associate DKIM-Delegate with a
version bump is to guard those verifiers who don't expect weak signatures.

OTOH, Dave's "very-relaxed" canonicalization does have some real grounds.
DKIM verifications can fail unexpectedly, albeit infrequently, which is why
DKIM-Delegate-00 offered to overload z=.

As Dave's proposal implied, new c14ns are part of the extensibility already
provided for.  Section 3.4 says:

   Further canonicalization algorithms MAY be defined in the future;
   Verifiers MUST ignore any signatures that use unrecognized
   canonicalization algorithms.

The document defining the new c14n is formally separated from the one which
defines weak signatures.  The latter can simply recommend using the former,
thereby achieving the desired protection.

Ale
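
The Section 3.4 rule quoted in the message above, as an added example that is not part of the original post or of any DKIM implementation: a verifier that only knows the RFC 6376 algorithms drops every signature whose c= tag names anything else. The token "very-relaxed" is used as a hypothetical unregistered algorithm name taken from the thread; the function names and sample signatures are constructed for this example.

```python
# Canonicalization algorithms defined by RFC 6376 itself.
KNOWN_C14N = {"simple", "relaxed"}


def parse_tag_list(value):
    """Parse a DKIM tag=value list into a dict; reject malformed or duplicate tags."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate the optional trailing ';'
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % item)
        tags[name] = val.strip()
    return tags


def c14n_pair(tags):
    """Return (header, body) algorithms. c= defaults to simple/simple and a
    lone header algorithm implies a simple body (RFC 6376 section 3.5)."""
    header, _, body = tags.get("c", "simple/simple").partition("/")
    return header, body or "simple"


def usable_signatures(sig_values, known=KNOWN_C14N):
    """Split signatures into those a verifier may evaluate and those it
    must ignore because the canonicalization is unrecognized."""
    usable, ignored = [], []
    for value in sig_values:
        try:
            header, body = c14n_pair(parse_tag_list(value))
        except ValueError:
            ignored.append(value)
            continue
        (usable if header in known and body in known else ignored).append(value)
    return usable, ignored


# Constructed DKIM-Signature field values; bh= and b= are placeholders.
SAMPLES = [
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel; h=from; bh=PLACEHOLDER=; b=PLACEHOLDER=",
    "v=1; a=rsa-sha256; c=relaxed; d=example.org; s=sel; h=from; bh=PLACEHOLDER=; b=PLACEHOLDER=",
    "v=1; a=rsa-sha256; c=very-relaxed/relaxed; d=example.net; s=sel; h=from; bh=PLACEHOLDER=; b=PLACEHOLDER=",
    "v=1; a=rsa-sha256; d=example.com; s=sel; h=from; bh=PLACEHOLDER=; b=PLACEHOLDER=;",
]

if __name__ == "__main__":
    ok, skipped = usable_signatures(SAMPLES)
    print(len(ok), "usable;", len(skipped), "ignored")
```

An ignored signature is treated as if it were absent, so a message carrying only the "very-relaxed" signature looks unsigned to this verifier.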