Mark Delany wrote:
> On Thu, Feb 16, 2006 at 08:20:57AM -0800, Dave Crocker allegedly wrote:
>> I keep coming back to the very limited goal of DKIM and wondering whether the
>> concern about a downgrade attack isn't just a little too esoteric for that goal.
>
> It happens that it also solves the agility requirement too.

I think the case for having agility has been well and strongly made, and I
certainly was not challenging that.

Having an agility approach that we like more than any other approach, and that
just happens to be robust against downgrade attack, is different than focusing
on the concern for downgrade attack.

I was hearing the latter, not the former.

I am belaboring this issue because of the tendency that is true for all
engineering, but particularly true for security engineering: The tendency to
worry more about every possible problem than any real need.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>