At 12:46 PM -0700 7/27/06, Hallam-Baker, Phillip wrote:
> 'I sign nothing' has to be there in the matrix even if it is implicit
> by the lack of a DKIM policy record. I dislike this form of
> signaling; it leads to unpleasant edge cases. Better to do it
> explicitly.

Why does it have to be there? What attack does it defend against?

> The case where I do see a need that is not yet addressed is the
> ability to say 'I sign everything with this particular algorithm'.
> The reason it is needed is to manage the transition from a weak
> signature scheme to a strong one.

We *already have* a transition strategy that is a lot more flexible
than 'I sign everything with this particular algorithm': DNS TTLs on
the keys. Nothing more is needed.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html