[Sorry about the truncated message. Once more with FEELING...]
Tony Hansen wrote:
There will need to be an IANA registry of signing algorithms, and we
should actually point at that. Both key types ("rsa") and hash
algorithms ("sha-1", "sha-256") are pieces that will need to be
registered. We will need an IANA Considerations section dealing with the
registry process.
You only need a registry if you're NOT going to require an RFC to update
the algorithm. I think such an RFC is desirable, if nothing else to
indicate which algorithms are deprecated, and perhaps why. Conversely,
we could go for a registry and tie ourselves to an as of yet uninvented
process whereby the security directorate could do this for a group of
protocols all in one go. My recommendation is that we plan former, but
expect someone to update the process either just prior to or sometime we
get through the process. In either case it shouldn't slow us down.
Eliot
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html