On Wed, 22 Feb 2006, Hector Santos wrote:

> Jon,
>
> Is there any issue in regards to the idea of having a signer/validator
> capability logic?
>
> We can have base defaults (SHA1, SHA-256) or whatever you experts deem
> necessary. But in an advanced implementation, the validator can define its
> cryptographic validation strengths which a signer can look up and use. This
> will give the signer HIGHER CONFIDENCE that a reception will not fail due to
> hashing mismatches.
>
> Example:
>
> santronics.com exposes it supports the algorithms:
>
>    k=sha1, sha256, sha512, whirlpool, other;
>
> If bankofamerica.com had a relationship with one of our users, it can look up
> the santronics.com capability and choose the highest strength.

What you're advocating here is a recipient email policy record, correct?

BTW - Regarding this debate I think you need to say that both SHA1 and
SHA256 MUST be supported but allow sending systems to choose which one
they want to use. And as I mentioned long ago I also think you need to
separate PKI algorithm from hash algorithm as was done for text key
record syntax (you can also just change rsa-sha1 to rsa/sha1 since you
seem to use '/' as separator for multi-part tags anyway...).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
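
The capability lookup and the PKI/hash split discussed in this message, as an added example that is not part of the original post or of any DKIM specification. The record syntax is the one proposed in the quoted text; the function names and the strength ranking are hypothetical.

```python
# Added illustration. The "k=..." record format is the proposal quoted above;
# STRENGTH and all function names are assumptions made for this sketch.
STRENGTH = ["sha1", "sha256", "sha512"]   # signer's own ranking, weakest first
BASE_DEFAULTS = {"sha1", "sha256"}        # the "MUST be supported" pair from the thread


def parse_capabilities(record):
    """Parse 'k=sha1, sha256, ...;' into a set of lowercase hash names."""
    caps = set()
    for field in record.split(";"):
        name, sep, value = field.strip().partition("=")
        if sep and name.strip().lower() == "k":
            caps.update(v.strip().lower() for v in value.split(",") if v.strip())
    return caps


def choose_hash(record, signer_supports):
    """Pick the strongest hash both sides support.

    A missing or empty record falls back to the base defaults, and names the
    signer does not rank (e.g. 'whirlpool', 'other') are ignored.
    """
    advertised = parse_capabilities(record) if record else set()
    if not advertised:
        advertised = set(BASE_DEFAULTS)
    common = [h for h in STRENGTH if h in advertised and h in signer_supports]
    if not common:
        raise ValueError("no mutually supported hash algorithm")
    return common[-1]


def split_algorithm(tag):
    """Split 'rsa-sha1' or 'rsa/sha1' into separate (pki, hash) parts."""
    for sep in ("/", "-"):
        pki, found, digest = tag.partition(sep)
        if found and pki and digest:
            return pki.lower(), digest.lower()
    raise ValueError("algorithm tag has no hash part: %r" % tag)


def algorithm_tag(pki, digest, sep="/"):
    """Join the two parts back into a single tag, '/'-separated by default."""
    return pki + sep + digest
```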