On Sun, Jul 20, 2025 at 2:27 AM John Levine <[email protected]> wrote:

> It appears that Wei Chuang <[email protected]> said:
> >If we further want to help receivers, consider adding an optional DNS
> >policy record that describes the algorithms that the sender supports with
> >certainty.
>
> Wouldn't you be able to tell that from the key records?  If you support an
> algorithm you'll publish a key for it.
>
> I suppose there might be a short period from when you publish the record
> to when you turn on the signer, but you'd have the same problem with a
> policy record.
>

There are two problems: first, the keys that a sender supports are obscured
by the selectors.  I suppose the receiver could do a wildcard DNS query to
pull all keys.  Second, a sender may want to roll out a new algorithm in an
introductory testing period but is not confident that the algorithm works
broadly.  They will publish to DNS the key but not want that algorithm to
be part of the mandatory set of algorithms that receivers must consider as
valid.
-Wei
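The two cases above (algorithms inferred from whatever key records a receiver can find versus algorithms a sender explicitly commits to) are easy to see side by side in code. The following is an added example written for this thread, not code from either poster or from any DKIM implementation. The zone data is constructed, the public keys are placeholders, and the `_dkim-policy` record with its `a=` tag is a hypothetical shape for the optional policy record Wei describes; nothing of that name exists in RFC 6376. The key-record tags (`v=`, `k=`, `p=`, `t=y` for testing mode) are the real RFC 6376 section 3.6.1 syntax.

```python
"""Compare the signing algorithms a receiver can infer from published DKIM key
records with the set a sender would declare in a (hypothetical) policy record.

Constructed example for illustration; the zone contents below are made up."""

# Constructed zone: DNS name -> TXT record text.
# "_dkim-policy.<domain>" and its "a=" tag are an assumption for this example.
ZONE = {
    "s2024._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_RSA_KEY",
    # New algorithm in an introductory period: published, but flagged t=y (testing).
    "ed1._domainkey.example.com": "v=DKIM1; k=ed25519; t=y; p=PLACEHOLDER_ED25519_KEY",
    # Revoked key: empty p= means "this selector no longer signs".
    "old._domainkey.example.com": "v=DKIM1; k=rsa; p=",
    # Hypothetical policy record naming only the algorithms the sender commits to.
    "_dkim-policy.example.com": "v=POLICY1; a=rsa-sha256",
}

# Key type (k= tag in the key record) -> signature algorithm (a= tag in a signature).
KEY_TYPE_TO_SIG_ALG = {"rsa": "rsa-sha256", "ed25519": "ed25519-sha256"}


def parse_tags(record: str) -> dict:
    """Parse a DKIM-style tag=value list ('v=DKIM1; k=rsa; p=...') into a dict.
    Whitespace around tag names and values is ignored; empty items are skipped."""
    tags = {}
    for item in record.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, value = item.partition("=")
        tags[name.strip()] = value.strip()
    return tags


def advertised_algorithms(zone: dict, domain: str) -> tuple:
    """Walk every key record under <domain>'s _domainkey subtree and return
    (live, testing): signature algorithms backed by a live key, and those whose
    key carries the t=y testing flag. A real receiver only learns selectors from
    the s= tag of signatures it receives, so this enumeration is what the thread
    calls the 'wildcard query' view of the sender's keys."""
    live, testing = set(), set()
    suffix = f"._domainkey.{domain}"
    for name, txt in zone.items():
        if not name.endswith(suffix):
            continue
        tags = parse_tags(txt)
        if tags.get("v", "DKIM1") != "DKIM1" or not tags.get("p"):
            continue  # not a key record, or key revoked (empty p=)
        sig_alg = KEY_TYPE_TO_SIG_ALG.get(tags.get("k", "rsa"))  # k= defaults to rsa
        if sig_alg is None:
            continue  # unknown key type: nothing a receiver can verify with
        flags = tags.get("t", "").split(":")
        (testing if "y" in flags else live).add(sig_alg)
    return live, testing


def policy_algorithms(zone: dict, domain: str):
    """Return the algorithm set declared in the hypothetical policy record,
    or None when the domain publishes no such record."""
    txt = zone.get(f"_dkim-policy.{domain}")
    if txt is None:
        return None
    tags = parse_tags(txt)
    return {alg for alg in tags.get("a", "").split(":") if alg}


def committed_algorithms(zone: dict, domain: str) -> set:
    """What a receiver should treat as the sender's committed algorithm set:
    the policy record when present, otherwise the live (non-testing) keys."""
    declared = policy_algorithms(zone, domain)
    if declared is not None:
        return declared
    live, _testing = advertised_algorithms(zone, domain)
    return live


if __name__ == "__main__":
    live, testing = advertised_algorithms(ZONE, "example.com")
    print("live keys:", sorted(live))          # ['rsa-sha256']
    print("testing keys:", sorted(testing))    # ['ed25519-sha256']
    print("committed:", sorted(committed_algorithms(ZONE, "example.com")))  # ['rsa-sha256']
```

Run against the constructed zone, the ed25519 key is visible to anyone who enumerates selectors, but it is not in the committed set, either because the policy record omits it or, with no policy record, because its key record carries `t=y`. A receiver that bases "mandatory" algorithms on `committed_algorithms` therefore does not penalize the sender while the new algorithm is still in its trial period.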
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]