Dear Michael Thomas. Michael Thomas wrote in <80a3e172-3a1c-471a-b72b-3c07b4dd8...@mtcc.com>: ... |Again, why? Especially if the receiver knows whether it's base DKIM vs |upgraded DKIM via some explicit signaling with the tags from the sender? |If they are just unknown tags, it will verify and even if the receiver |is upgrade-savvy it would just look like a normal STD76 signature.
Since *noone* ever brought that up, i do it myself. (If still not /dev/null'ed.) It cannot be that easy, because the entire email infrastructure is totally messed up. By the IETF. Mostly DMARC, though. Noone cares for ARC, really. But DKIM. But 99% DMARC, say. The reason is that MITIGATIONS are active, everywhere. This means that, more often than not, either "elder" DKIM signatures are simply thrown away, or renamed to, for example, X-Mailman-Original-DKIM-Signature. Depends on what is rewritten, and if, etc etc. And this in turn means that it is IMPOSSIBLE to create valid DKIMv1 chains, "except for a single hop message". That ship has sailed. The damage was done many years ago. You need to add something new. Having said that. It can be absolutely identical to DKIMv1 except for the name of the header as such. For, i think, the last time, and i well understand that many comments around here shoot against me by bringing snippets of the arguments of the ACDC draft in favour of something else, however technically sound that can be (cough, cough), anyone who looks will find that the technical approach of the ACDC thing is easily done, and is capable to do anything of DKIMv2, but more elegant, and with lesser effort. And scalable, just as is SMTP. Greetings, --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
