ietf-dkim

[ietf-dkim] issue: requirement #10 Publishing Hashing (cryptographic algorithms) methods...

2006-08-08 18:43:16
| 10.  [PROVISIONAL] A domain holder MUST be able to publish a Practice
|       which enumerates the acceptable cryptographic algorithms for
|       signatures purportedly from that domain.
|
|       [INFORMATIVE NOTE: this is to counter a bid down attack; some
|       comments indicated that this need only be done if the
|       algorithm was considered suspect by the receiver; I'm not
|       sure that I've captured that nuance correctly]


My input:

This is an implementation and "Product Feature" concept.

Having this available will offer implementations the ability for DKIM
domains to predetermine the failure or survivability of a message being sent
to a target.  It also allows for any need for a domain to explore and offer
new more secure hashing methods.

I personally see this as a "highly desirable" feature that would add a few
stars to a software package.  I also see this as something very desirable in
a social, vendor or business network.

I used the example of a Bank using DKIM for its user e-Banking needs. The
user signs up, and the bank gets the user's email address.  The bank runs a
quick check to see if the email address is

    a) DKIM verifier ready,
    b) Highest Hashing Security available.

If not, it might offer the user a special DKIM secured email address maybe
from another DKIM vendor (business opportunity).

Think about it from a company policy liability standpoint.

If a high-value domain is going to now have a new borderline legal
responsibility by simply implementing DKIM as part of its signature process,
it would be prudent that it will take some measure to increase the
survivability, the strength of the "highly private" email communication with
the user where there is a high expectation or desirability for no failure.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
