On Sun, 20 Jul 2025, Wei Chuang wrote:
> There are two problems: first, the keys that a sender supports are obscured by the selectors.

I don't see what the problem is. Every signature has the selector and algorithm so the verifier knows what to look for, right?

> pull all keys. Second, a sender may want to roll out a new algorithm in an introductory testing period but is not confident that the algorithm works broadly. They will publish to DNS the key but not want that algorithm to be part of the mandatory set of algorithms that receivers must consider as valid.

Hmm. I want to think some more about whether the rule is that ALL the signatures have to be valid (give or take ones the verifier doesn't support) or ANY signature is adequate.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
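
The two points in this exchange, that each signature carries its own selector and algorithm and that the ALL versus ANY rule is still open, can be seen side by side in the following added example, which is not part of the original message or of any DKIM implementation. The selectors, the domain `example.com`, the `newalg-sha256` trial algorithm and the per-signature results are constructed, and `SUPPORTED`, `key_lookup` and `evaluate` are hypothetical names.

```python
import re

# Algorithms this hypothetical verifier implements (assumption for the example).
SUPPORTED = {"rsa-sha256", "ed25519-sha256"}

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace is not significant in the tags used here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_lookup(sig_value):
    """Return (DNS name of the key record, algorithm) for one signature."""
    t = parse_tags(sig_value)
    return f"{t['s']}._domainkey.{t['d']}", t["a"]

def evaluate(signatures, results, rule):
    """Apply an ALL or ANY rule to per-signature results.

    results maps DNS key name -> True/False as a real verifier would report;
    signatures with an unsupported algorithm are set aside, not failed.
    """
    considered = []
    for sig in signatures:
        name, alg = key_lookup(sig)
        if alg in SUPPORTED:
            considered.append(results[name])
    if not considered:
        return False  # nothing this verifier could check
    return all(considered) if rule == "ALL" else any(considered)

# Constructed sample: one message signed under three selectors.
# "newalg-sha256" is a made-up trial algorithm, not a registered one.
SIGS = [
    "v=1; a=rsa-sha256; d=example.com; s=rsa2025; bh=...; b=...",
    "v=1; a=ed25519-sha256; d=example.com; s=ed2025; bh=...; b=...",
    "v=1; a=newalg-sha256; d=example.com; s=trial; bh=...; b=...",
]
RESULTS = {  # constructed verification outcomes keyed by DNS name
    "rsa2025._domainkey.example.com": True,
    "ed2025._domainkey.example.com": False,
    "trial._domainkey.example.com": False,
}
```

With these inputs the trial signature is ignored under either rule, so the outcome turns only on the failed Ed25519 signature: ANY accepts the message and ALL rejects it.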
