ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Supporting alternate algorithms

2006-02-21 15:02:11
Ned,

The problem here isn't that someone could configure the use of some random signature algorithm and still remain compliant, but rather that someone can write an implementation which supports generation of neither SHA-1 nor SHA-256 signatures and still be compliant. As such, I suggest making support
for SHA-256 on generation a MUST and SHA-1 a SHOULD. Both SHA-1 and SHA-256
need to be a MUST for verifiers.


I am not sure whether your text covers the point I want to pursue, in this note. Since I think it is a core requirement, I want to make this explicit:

A signer needs to have at least one algorithm that I can use that they can be positive will supported by *all* validators.

Whether there is only one and whether it is "preferred" are separate issues, to 
me.

That's why I distinguished between "MUST support" vs. "SHOULD use".

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html