On Mon 31/Mar/2025 18:40:30 +0200 John Levine wrote:
It appears that Murray S. Kucherawy <superu...@gmail.com> said:
On Mon, Mar 31, 2025 at 1:56 AM Alessandro Vesely <ves...@tana.it> wrote:
There is room for a lot of compatibility. If we don't change the
canonicalizations, a DKIM1 verifier will be able to verify a DKIM2
signature, limited to DKIM1 semantics. [...]
I can't tell if this sentence confuses me, or is expressly contrary to what
we probably want here.
That is, it's possible we specifically do not want a DKIM verifier to be
able to claim success over a DKIM2 signature, accidentally or otherwise.
I have no idea what "verify a DKIM2 signature, limited to DKIM1
semantics" means since the tags and semantics are likely to be
incompatible. I would bs surprised if anyone else did either.
Sorry for being unclear. What I meant was that, given DKIM2, a DKIM1 verifier
could be updated to handle DKIM2 signatures —if DKIM2 signatures were specified
with compatibility in mind. The verifier might not be fully DKIM2 compliant,
perhaps because the MTA interface does not support it or for some other reason.
However, it can verify a DKIM2 signature as if, mutatis mutandis, it were a
DKIM1 one. The meaning of such a verification would be equivalent to that of a
DKIM1 verification.
Hope this is clearer.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
