ietf-dkim

Re: [ietf-dkim] agenda item on upgrading hash algorithms?

2006-02-24 09:16:51


John Levine wrote:
> It seems to me that since DKIM signatures are expected to have short
> lifetimes and to have only moderate value, and that we've established
> quite thoroughly that there is not yet an obvious successor to SHA-1,
> it would be OK simply to note that we'll need something more secure in
> the future and leave it at that.

I didn't get that impression from this thread.

My impression was that the consensus was heading towards something
very close to Dave's message from a few days ago [1], but I wasn't
clear exactly on whether we ended up with a MUST or SHOULD on
sha-256 for signers.

Almost quoting Dave:

    A validator MUST support {SHA-1, SHA-256}.
    A signer [SHOULD|MUST] use {SHA-256}.

Stephen.

[1] http://mipassoc.org/pipermail/ietf-dkim/2006q1/002326.html

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
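
An added example, not part of the original message or of the DKIM drafts: one way a verifier could apply the rule quoted above to a signature's tag list. It assumes the `a=` tag values `rsa-sha1` and `rsa-sha256` from the DKIM specification as later published; the function names and sample headers are constructed for illustration.

```python
import hashlib
import re

# Hash algorithms a validator must accept, per the rule quoted in the message.
VALIDATOR_MUST_SUPPORT = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
# Hash a signer is expected to use (SHOULD vs MUST was still open in the thread).
SIGNER_PREFERRED = "sha256"


def parse_tag_list(header_value):
    """Parse a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # a trailing ";" is allowed
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError("malformed tag: %r" % item)
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        tags[name] = value.strip()
    return tags


def select_hash(header_value):
    """Return (hash_name, constructor) for a signature, or raise ValueError."""
    tags = parse_tag_list(header_value)
    if "a" not in tags:
        raise ValueError("missing a= tag")
    key_type, _, hash_name = tags["a"].partition("-")
    # Fail closed: anything outside the supported set is rejected, not guessed.
    if key_type != "rsa" or hash_name not in VALIDATOR_MUST_SUPPORT:
        raise ValueError("unsupported algorithm: %s" % tags["a"])
    return hash_name, VALIDATOR_MUST_SUPPORT[hash_name]


def signer_lint(header_value):
    """Return a warning if the signature does not use the preferred hash."""
    hash_name, _ = select_hash(header_value)
    if hash_name != SIGNER_PREFERRED:
        return "signed with %s; signers are expected to use %s" % (
            hash_name, SIGNER_PREFERRED)
    return None


# Constructed sample headers (not real signatures).
SAMPLE_SHA1 = "v=1; a=rsa-sha1; d=example.com;\r\n\ts=sel; b=AAAA"
SAMPLE_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel; b=AAAA;"
SAMPLE_MD5 = "v=1; a=rsa-md5; d=example.com; s=sel; b=AAAA"
```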
