The new rev 07 text has:

INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged, some senders of low-security messages (such as routine newsletters) may prefer to use rsa-sha1 because of reduced CPU requirements to compute a SHA1 hash. MTAs with compliant verifierst that do not implement rsa-sha1 will treat such messages as unsigned. {DKIM 13} In general, rsa-sha256 should always be used whenever possible.
First, there is a typo in the word "verifierst", but I would also like to propose a modified text:

INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged and, in general, should always be used whenever possible, some senders may prefer to use rsa-sha1 when balancing higher security strength against reducing CPU-bound signed mail loads. Compliant Verifiers may not implement rsa-sha1 and will treat such messages as unsigned.

Reasoning: A routine could be anything commonly done, and it may include a high strength requirement, as the spec strongly encourages and recommends should always be used in general. So IMO it may help to be more general by removing the "routine newsletter" example and the connotation that any "routine" mail stream is any less secured (low-security).

--
Hector Santos, CTO
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
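As an added illustration (not code from the post or from the DKIM draft) of the verifier behaviour both versions of the note describe: a verifier that does not implement rsa-sha1 must treat a message signed with it as unsigned. The tag-list parser follows the DKIM-Signature syntax; the supported-algorithm set and the sample headers are constructed assumptions, and the b=/bh= values are placeholders, not real signatures.

```python
import re

# Algorithms this hypothetical verifier implements. rsa-sha1 is deliberately
# absent to model the "compliant verifier that does not implement rsa-sha1" case.
SUPPORTED_ALGS = {"rsa-sha256"}

def parse_dkim_tags(header_value: str) -> dict:
    """Parse a DKIM-Signature tag=value list. Folded header lines are
    unfolded first; tags are separated by ';' and the first '=' splits
    name from value. Duplicate or malformed tags are rejected."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)
    tags = {}
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # trailing ';' is permitted
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # b= and bh= carry base64 that may be folded; drop internal whitespace
        tags[name] = re.sub(r"\s+", "", value) if name in ("b", "bh") else value.strip()
    return tags

def signature_disposition(header_value: str, supported=SUPPORTED_ALGS) -> str:
    """Return 'verify' if the signature uses an algorithm this verifier
    implements, otherwise 'unsigned': a signature the verifier cannot
    process (unsupported a=, wrong v=, missing required tags, bad syntax)
    is ignored, i.e. the message is handled as if it carried no signature."""
    try:
        tags = parse_dkim_tags(header_value)
    except ValueError:
        return "unsigned"
    for required in ("v", "a", "b", "bh", "d", "h", "s"):
        if required not in tags:
            return "unsigned"
    if tags["v"] != "1" or tags["a"] not in supported:
        return "unsigned"
    return "verify"

# Constructed sample headers (placeholder base64, not real signatures)
SHA256_HDR = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
              "\th=from:to:subject; bh=ZmFrZWhhc2g=;\r\n\tb=ZmFrZXNpZw==")
SHA1_HDR = "v=1; a=rsa-sha1; d=example.com; s=sel1; h=from; bh=ZmFrZQ==; b=ZmFrZQ=="
```

Passing a supported set that includes "rsa-sha1" shows the other side of the trade-off the note describes: the same header is then accepted for verification.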