In article <363edd8b-2654-4d81-ad41-d355599d3...@att.com> you write: >-=-=-=-=-=- >Right now we require support for two types of keys: a weak one (sha1) and a >strong one (sha256).
True, but it's important to note that we don't require anyone to sign with weak keys. A key record in the DNS can contain "h=sha256" to say no SHA1 signatures accepted. I've set my key records like that for years. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc