In article <1513857489.3531319.1212273208.18fe8...@webmail.messagingengine.com> you write:
>I certainly concur with Brandon here - changing ARC algorithm looks like
>a very messy proposition, I expect you'd pretty much have to do a window
>where both the old and new algorithm were supported - with a deadline
>where the old algorithm gets treated like a broken link. ...

Complex technical approach: Invent a new ps= tag for peer selector. If using two signing algorithms, add two AS and AMS headers with the same d= but different s=, one for each algorithm, each with a ps= pointing to the other header, and each signature covering both headers, and you have to check when signing and validating that the ps= in this header matches the s= in the other. The chain is valid if either AS is valid.

Simple administrative approach: Stall ARC for a few more months until we can get ed25519 into the libraries, then adjust the document to make it MUST verify both.

R's,
John
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
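
The ps= pairing check proposed in the message above, as an added example that is not part of the original post or of any ARC implementation. The ps= tag exists only in this proposal; the function names, sample domain, selectors and b= values are constructed, and signature verification is assumed to be done by a real verifier whose per-selector result is passed in.

```python
import re

REQUIRED = ("i", "d", "s", "ps")  # ps= is the hypothetical peer-selector tag

def parse_tags(value):
    """Parse a DKIM-style tag list ("i=1; a=...; s=...") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def check_peer_pair(hdr_a, hdr_b, sig_ok):
    """Validate one instance's pair of ARC-Seal (or AMS) header values.

    sig_ok maps selector -> bool, the result of a real signature verifier
    that is assumed to run elsewhere. Returns (ok, reason).
    """
    a, b = parse_tags(hdr_a), parse_tags(hdr_b)
    for tags in (a, b):
        missing = [t for t in REQUIRED if t not in tags]
        if missing:
            return False, "missing tag(s): " + ",".join(missing)
    if a["i"] != b["i"]:
        return False, "instance numbers differ"
    if a["d"].lower() != b["d"].lower():
        return False, "d= differs between peers"
    if a["s"] == b["s"]:
        return False, "peers must use different selectors"
    if a["ps"] != b["s"] or b["ps"] != a["s"]:
        return False, "ps= does not point at the peer's s="
    # Pairing is consistent; the chain link holds if either signature verifies.
    if sig_ok.get(a["s"], False) or sig_ok.get(b["s"], False):
        return True, "at least one peer signature verified"
    return False, "neither peer signature verified"

# Constructed sample headers (domain, selectors and b= values are made up).
RSA_SEAL = "i=1; a=rsa-sha256; cv=none; d=example.org; s=rsa2017; ps=ed2017; b=AAAA"
ED_SEAL = "i=1; a=ed25519-sha256; cv=none; d=example.org; s=ed2017; ps=rsa2017; b=BBBB"
BAD_SEAL = "i=1; a=ed25519-sha256; cv=none; d=example.org; s=ed2017; ps=other; b=BBBB"

if __name__ == "__main__":
    print(check_peer_pair(RSA_SEAL, ED_SEAL, {"rsa2017": True, "ed2017": False}))
    print(check_peer_pair(RSA_SEAL, BAD_SEAL, {"rsa2017": True, "ed2017": True}))
```

A mismatched ps= is rejected before the signature results are consulted, so a header pair that was not built together cannot pass on the strength of one valid signature.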