On Tue, Jul 15, 2025 at 11:48 PM Richard Clayton <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > > RFC6376 lists the fields which are actually needed for things to work: > > v= version > h= hash function > k= signing algorithm > p= public key material > > but it also provides for > > n= notes for humans > s= service type > t= flags > y testing > s match to i= required > > I rather suspect that > > n= is seldom encountered (sysadmins document what they are doing at > complete different stack levels); > > s= was a Good Idea At The Time but other protocols want their own > key definition schemes rather than piggybacking here; and > > t= is commonly seen but pointless... > > We don't need, IMO, to complicate verifiers by telling them that > although there is a DKIM signature (t=y) it isn't one really because > we are hoping they will help us in their testing (they won't, they > will reject the mail !) and i= (I'll leave looking up that obscurity > as an exercise for the reader) is seldom used > > So I would suggest moving these 3 tags to a different section, > indicating that DKIM1 verifiers may take notice of s= and t= but that > DKIM2 verifiers will not. > > We could mark these as deprecated for DKIM2 and point back to the RFC6376 for the original specification for the description? -Wei
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
