On 4/2/25 10:49 AM, Alessandro Vesely wrote:
On Wed 02/Apr/2025 18:03:31 +0200 John Levine wrote:
It appears that Alessandro Vesely <ves...@tana.it> said:
No, it's not so much the interpretation of pass/fail, which I think
will be expressed by policies anyway, but the checks you perform to
achieve that result. DKIM2 checks the envelope, for example, which
DKIM1 does not. So DKIM2 may fail on messages that DKIM1 passes.
I'd say that if DKIM1 passes a signature that is supposed to fail,
that is badly broken.
In that case, having two separate signatures, DKIM1 and DKIM2, would
produce the same result, DKIM1 passes while DKIM2 fails, with both
verifiers perfectly tuned. What's wrong with producing the same
result with a single DKIM2 signature?
Exactly. The heat death of the universe will happen before DKIM is
phased out.
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
