On Wed, Jul 16, 2025, at 17:05, Barry Leiba wrote: > What's wrong with something like this: > The verifier MUST support at least one of the signature algorithms. > The verifier SHOULD check all the algorithms it supports. > The signature MUST be valid for all signatures that are checked. > ...and we add an explanation for the SHOULD.
Yeah, I think I agree with you. When adding a new algorithm support I would be likely to put it in a "check but don't use" state, where I'd log the result to see if it was well implemented at either my end or the sending end, and once it looked like it was generally solid I'd turn it on for real. Bron. -- Bron Gondwana, CEO, Fastmail Pty Ltd / Fastmail US LLC [email protected]
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
