On 10/3/2015 10:08 AM, John R Levine wrote:
> I suppose the version bump to v=2 is an open issue, but I don't really
> see what the problem is. Since the current spec says that unknown tags
> are ignored, there's no way to add mandatory tags without a version
> bump. I believe when this came up before, people looked at common DKIM
> libraries including yours, the perl and python ones, and found that the
> current code would all fail a v=2 signature, so the version bump should
> do what we want it to.

Claiming that something is mandatory, as part of a version bump, is meaningless, when the installed base will be using the older version and ignoring the supposedly-mandatory new feature.

If the installed base can legally ignore a new feature, then it is not mandatory.

The only way to make a feature mandatory in a new version is to provide it in a fashion that makes it only available to folks adhering to the new set of mandatory features.[*]

FWIW, this is equivalent to saying that adding new mandatory features is equivalent to creating a new protocol.

So if you want to modify DKIM to change the set of mandatory features, then specify that the signature use a /different header field name/, such as DKIM-Signature2. Only adherents to the new scheme will see this.

If the signer wants legacy folk who only understand older DKIM to also be able to evaluate a signature, then the signer needs to create two signatures.

Things get easier if you make the new feature optional, in which case you don't need a version number...

d/

[*] There's an exception that takes a long time, which begins by making the feature initially optional, then waiting for it to gain massively widespread adoption, then issuing a declaration that it is now mandatory.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
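
The header-field argument in the message above, as an added sketch that is not part of the original thread or of any DKIM library: it models only which signature fields each kind of verifier would consider, with no cryptographic verification. The tag name `xreq`, the sample domain and the placeholder `bh`/`b` values are hypothetical; `DKIM-Signature2` is the field name suggested in the message.

```python
from email import message_from_string

KNOWN_V1_TAGS = set("v a b bh c d h i l q s t x z".split())  # tags defined in RFC 6376
NEW_FIELD = "DKIM-Signature2"  # field name suggested in the message
MANDATORY = "xreq"             # hypothetical new mandatory tag (assumption)

def parse_tags(value):
    """Split a DKIM tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags

def legacy_candidates(msg):
    """What an older verifier evaluates: DKIM-Signature fields only,
    with unknown tags ignored, so a new tag cannot bind it."""
    out = []
    for raw in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(raw)
        out.append({k: v for k, v in tags.items() if k in KNOWN_V1_TAGS})
    return out

def new_candidates(msg):
    """What a new-scheme verifier evaluates: DKIM-Signature2 fields,
    and only those carrying the mandatory tag."""
    out = []
    for raw in msg.get_all(NEW_FIELD, []):
        tags = parse_tags(raw)
        if MANDATORY in tags:
            out.append(tags)
    return out

def build(*sig_fields):
    """Constructed sample message; signature values are placeholders."""
    head = "".join(f"{name}: {value}\n" for name, value in sig_fields)
    return message_from_string(head + "From: a@example.com\nSubject: demo\n\nbody\n")

OLD = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
NEW = OLD + "; " + MANDATORY + "=demo"

tag_only = build(("DKIM-Signature", NEW))                # new tag inside the old field
new_only = build((NEW_FIELD, NEW))                       # new field only
dual = build(("DKIM-Signature", OLD), (NEW_FIELD, NEW))  # signer emits both

if __name__ == "__main__":
    for name, m in (("tag_only", tag_only), ("new_only", new_only), ("dual", dual)):
        print(name, "legacy:", len(legacy_candidates(m)), "new:", len(new_candidates(m)))
```
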