On Mon, Nov 3, 2025, at 10:28, Wei Chuang wrote: > While I understand the desire to keep DKIM2 simpler, pp= permits delegation > to an email hosting provider as already pointed out above. One consideration > I didn't think of till now is this pp= delegation can help with the DKIM2 > adoption especially when we consider the algorithmic agility requirement. > DKIM2 at some near point wants to mandate publishing and signing both with > RSA and ED25519. My guess is that many senders and forwarders will have > trouble deploying ED25519, and one avenue to smooth adoption is allowing them > to delegate publishing and signing to their platform. That said, I noticed > that pp= has been removed in draft-clayton-dkim2-spec-03, so perhaps this > discussion is perhaps moot.
We need to discuss this point, it will be a major discussion point for the headers/ > Regarding the mv= tag, can more clarity be provided how that is different > from the i= instance number? Is the idea that a more recent (higher i= > number) DKIM2 signature can reference an older (low mv=) MailVersion header? Sure, in my example, I have a message in which the same mv= is signed twice, then multiple new versions are created before signing again: brong@elg:~/src/interop/brong$ perl validate.pl brong-final.eml OK DKIM2-Signature: i=4; mv=5; s=sel3; d=test1.dkim2.com OK Mail-Version: mv=5 OK Mail-Version: mv=4 OK Mail-Version: mv=3 OK DKIM2-Signature: i=3; mv=2; s=sel2; d=test1.dkim2.com OK DKIM2-Signature: i=2; mv=2; s=sel2; d=test1.dkim2.com OK Mail-Version: mv=2 OK DKIM2-Signature: i=1; mv=1; s=sel1; d=test1.dkim2.com OK Mail-Version: mv=1 So there are two separate things here. Versions of the email, and signatures on those versions. Right now I'm not checking that the signatures chain with d/mf/rt alignment, which is why they need their own monotonically increasing series. Bron. -- Bron Gondwana, CEO, Fastmail Pty Ltd / Fastmail US LLC [email protected]
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
