On Thu 10/Jul/2025 19:52:50 +0200 John Levine wrote:
When we added a new crypto algorithm we realized that you can only have one key per selector. I gather the plan is to allow multiple signatures in the same dkim2-signature header so the key records will need to allow that.


What is the purpose of this change?

I've been double-signing outgoing mail for a while. I did it to monitor the adoption of RFC 8463. When I saw that my ed25519 selector was routinely reported as not verified except by a scant, non-increasing number of domains, I stopped.

Maybe, among the grand changes introduced with DKIM2, the use of ed25519 could catch on.

But why multiple signatures? Is it to let verifiers choose what algorithm they prefer?


Best
Ale
_______________________________________________
Ietf-dkim mailing list -- [email protected]