Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)

Note: This ballot was opened for revision 04 and is now closed.

Ben Campbell Yes

Comment (2017-09-27 for -04)
-4: "Verifiers MUST verify using rsa-sha256."

Should this say "...MUST be able to..."? That is, am I correct in assuming that a verifier will use the scheme specified by the signer if it is capable of doing so, and that it doesn't make sense to try to verify with rsa-sha256 if the signer used something else?

Spencer Dawkins Yes

Alexey Melnikov Yes

(Kathleen Moriarty) Yes

Comment (2017-09-27 for -04)
Thanks for your response to the SecDir review and addressing the problem in another draft.

(Alia Atlas) No Objection

Deborah Brungard No Objection

(Benoit Claise) No Objection

Suresh Krishnan No Objection

Warren Kumari No Objection

Mirja K├╝hlewind No Objection

Comment (2017-09-26 for -04)
Please check and address the feedback provided by the gen-art review (Thanks Jari!). My understanding is that the normative language was discussed in detail for this draft but Jari brought up a point on forward-comparability with future algorithms regarding verification. I would also be interested to at least see a reply to that!

Terry Manderson No Objection

Eric Rescorla No Objection

Alvaro Retana No Objection

Adam Roach No Objection

Comment (2017-09-26 for -04)
I would have expected section 4 to be explicit in the interaction between the requirement that "rsa-sha1 MUST NOT be used for signing or verifying" and the Authentication-Results header defined in RFC 7001. In particular, I would have expected to see guidance here whether receipt of a message using sha1 should be coded as "neutral" or "policy": as an implementor, I would be unsure which one to use.