Tony Hansen wrote:
There will need to be an IANA registry of signing algorithms, and we
should actually point at that. Both key types ("rsa") and hash
algorithms ("sha-1", "sha-256") are pieces that will need to be
registered. We will need an IANA Considerations section dealing with the
Do we really need that? There won't be a point in time where there
are 100 interesting DKIM signature algorithms, ever. (Now there's a
hostage to fortune:-)
There might be 10, I guess if I add up the various combinatorics (and
assuming that only a couple of ECDSA options are interesting).
S/MIME and PKIX do this via their RFCs (e.g. RFC 3279 for PKIX).
I think we could do the same, for *additional* algorithms and just
have the base spec include the consensus language on MUST/SHOULD
for rsa/sha-<foo>. An "additional algorithms" RFC could then be
developed later on, off the critical path. If it ever gets to be
unmanageable then someone can ask IANA for help.
NOTE WELL: This list operates according to