Folks,
If you can't rank algorithms, is there any meaningful concept of a
"downgrade attack"?
I'm sort of wondering though if Mark's problem here might be just as
easily solved by having a "current"/"next" kind of routine. That is,
only allow two in play at any one time, ...
I keep coming back to the very limited goal of DKIM and wondering whether the
concern about a downgrade attack isn't just a little too esoteric for that goal.
Besides that presumably, having multiple signature versions, as discussed here,
is only for transition times.
Do we really need to engineer such fine-grained mechanisms for protection
against attacks during limited windows of mis-opportunity, for a mechanism that
is only trying to aid in determining whether to deliver a message?
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html