On Wed 02/Apr/2025 18:03:31 +0200 John Levine wrote:
It appears that Alessandro Vesely <ves...@tana.it> said:
No, it's not so much the interpretation of pass/fail, which I think will be
expressed by policies anyway, but the checks you perform to achieve that
result. DKIM2 checks the envelope, for example, which DKIM1 does not. So
DKIM2 may fail on messages that DKIM1 passes.
I'd say that if DKIM1 passes a signature that is supposed to fail, that is
badly broken.
In that case, having two separate signatures, DKIM1 and DKIM2, would produce
the same result, DKIM1 passes while DKIM2 fails, with both verifiers perfectly
tuned. What's wrong with producing the same result with a single DKIM2 signature?
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
