> Without this feature, people may soon find their inbox flooded by > bogus messages indicating the use of new algorithm, that could have > been mitigated extensively by having the key feature.
As opposed to what? What would you expect a verifier or assessor to do if the hash used to sign was not in the key's approved hash list? Wouldn't it get delivered anyway, but perhaps with a slightly different annotation? I don't see any value here other than disabling verification using a known-compromised hash algorithm. But even that wouldn't inhibit delivery, only change annotation. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html