dkim-ops

Re: [dkim-ops] DKIM - ATPS

2010-09-24 15:33:46

Murray S. Kucherawy wrote:

So I'll switch ATPS to what TPA did and use SHA1+base32, which 
constrains the encoding to 32 bytes just like MD5 and isn't that 
much more expensive but is definitely more palatable.

This might suggest then the ATPS extension for ADSP might need 
something like DKIM's k= for the _adsp._domainkey.author-domain record:

     atps=y; k=md5;     <-- easy, but not IETF recommended
     atps=y; k=murray;  <-- SHA1+base32, maybe IETF recommended
     atps=y; k=future;

In fact, you might as well go the extra mile with plain text:

     atps=y; k=text;

Because IMHO, we don't have to waste time with the inevitable - how 
hashing doesn't hide anything against anyone we are worried about, but 
increases the complexity and management for the average person. 
Literal storage is better in my view because most domains are not 
going to subject their users to extremely long names. As a side 
note: the WebSocket WG people are going through a similar issue right 
now with complaints of useless complexity with its hashed ping/pong 
handshaking that doesn't solve any security hacking attempt whatsoever 
but made it more complex for application developers to implement.

Using k= as suggested above may allow showing how ATPS early adopters 
want to do this during the experimentation phase.

-- 
HLS



_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
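
The three encodings weighed in this message (MD5, SHA1+base32, literal text), as an added example that is not part of the original post or of any ATPS implementation. It shows that both hashes give a fixed 32-character label while a literal name grows with the signer domain. Assumptions: the `<label>._atps.<author-domain>` query layout, hex output for MD5, the scheme names used as dictionary keys, and the constructed `example.*` domains.

```python
import base64
import hashlib

MAX_LABEL = 63   # DNS limit on a single label, in octets
MAX_NAME = 253   # DNS limit on a full name in presentation form


def atps_label(signer_domain: str, scheme: str) -> str:
    """Encode the third-party signer domain under one of the discussed schemes."""
    name = signer_domain.rstrip(".").lower().encode("ascii")
    if scheme == "md5":           # assumed hex encoding: always 32 characters
        return hashlib.md5(name).hexdigest()
    if scheme == "sha1-base32":   # 20-byte digest -> 32 base32 chars, no padding
        return base64.b32encode(hashlib.sha1(name).digest()).decode("ascii")
    if scheme == "text":          # literal storage: length follows the domain
        return name.decode("ascii")
    raise ValueError(f"unknown scheme: {scheme}")


def atps_query_name(signer_domain: str, author_domain: str, scheme: str) -> str:
    """Build the name a verifier would look up (assumed layout), enforcing DNS limits."""
    label = atps_label(signer_domain, scheme)
    qname = f"{label}._atps.{author_domain.rstrip('.').lower()}"
    for part in qname.split("."):
        if not 0 < len(part) <= MAX_LABEL:
            raise ValueError(f"label length out of range: {part!r}")
    if len(qname) > MAX_NAME:
        raise ValueError(f"name too long ({len(qname)} > {MAX_NAME})")
    return qname


if __name__ == "__main__":
    # Constructed sample domains, not taken from the thread.
    for scheme in ("md5", "sha1-base32", "text"):
        print(scheme, atps_query_name("example.net", "example.com", scheme))
```

A literal label stays readable in the zone file, but only the hashed forms guarantee the lookup name fits within DNS length limits regardless of the signer's domain.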
