ietf-dkim

Re: [ietf-dkim] over-the-wire (in)compatibility between pre-IETF DKIM and (eventual) IETF DKIM

2005-10-17 22:15:19
On Mon, Oct 17, 2005 at 06:02:18PM -0500, Earl Hood allegedly wrote:

> Hector raised a good point about attackers being able to exploit
> this.  I.e.  If standardized DKIM is more secure, attackers will
> exploit the legacy user base to get around the more secure version.

This is surely within the control of the sender, is it not? If the
sender chooses not to advertise legacy keys, then what exploit is
possible?

If a signer feels vulnerable to exploitation, they will only use the
safest signature mechanism available. Alternatively, if the signer is
more interested in compatibility they might choose a deployment that
maximizes successful verification. I expect that high value domains
are in the former category while the vast majority of low value
domains are in the latter category.

In effect this is the same issue that will arise when a future flaw is
discovered in the latest, greatest cryptographic algorithm. Signers
will need to decide what algorithmic choice to make as a consequence
and the specification needs to allow them to express those choices.

So, all we need to do in the specification is ensure these choices are
possible, then we can let signers manage their own risk themselves.


Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
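
The signer-controlled choice discussed in the message above can be seen from the verifier's side: a signature is only acceptable if the signer's published key record permits its algorithm. This is an added example, not part of the original message; it uses the key-record tags (`k=`, `h=`, `p=`) and the signature `a=` tag as later standardized in RFC 6376, checks policy only (no cryptographic verification), and all records and signatures are constructed samples.

```python
"""Verifier-side check: does the signer's published key record permit the
algorithm a signature claims? Tag names follow RFC 6376 (an assumption here;
the message predates that specification)."""

# Constructed sample data (not from the original message).
STRICT_KEY = "v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDERKEY"   # safest mechanism only
COMPAT_KEY = "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"             # maximizes verification
REVOKED_KEY = "v=DKIM1; k=rsa; p="                          # key no longer advertised
LEGACY_SIG = "v=1; a=rsa-sha1; d=example.com; s=sel1"
MODERN_SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1"


def parse_tags(text):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in text.split(";"):
        if "=" not in part:
            continue  # empty trailing segment
        name, value = part.split("=", 1)
        tags[name.strip()] = "".join(value.split())
    return tags


def signature_permitted(signature, key_record):
    """Return (ok, reason) for a DKIM-Signature value against a key record."""
    sig = parse_tags(signature)
    key = parse_tags(key_record)
    if key.get("p", "") == "":
        return False, "key revoked or missing (empty p=)"
    sig_key_type, _, sig_hash = sig.get("a", "").partition("-")
    if not sig_key_type or not sig_hash:
        return False, "malformed a= tag"
    if sig_key_type != key.get("k", "rsa"):  # k= defaults to rsa
        return False, "key type mismatch"
    # h= lists the hash algorithms the signer accepts; absent means any.
    allowed = key.get("h")
    if allowed is not None and sig_hash not in allowed.split(":"):
        return False, "hash %s not advertised by signer" % sig_hash
    return True, "permitted"


if __name__ == "__main__":
    for label, record in (("strict", STRICT_KEY), ("compat", COMPAT_KEY),
                          ("revoked", REVOKED_KEY)):
        for sig in (LEGACY_SIG, MODERN_SIG):
            print(label, parse_tags(sig)["a"], signature_permitted(sig, record))
```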
