On Feb 27, 2006, at 2:24 PM, Eric Rescorla wrote:
Given that, I think that we should either:
1. Require SHA-1 and SHA-256 verification support and recommend
signatures with SHA-1.
2. Require SHA-1 and SHA-256 verification support and recommend
(require?) signatures with SHA-256.
3. Require SHA-256 support and forbid SHA-1 in both generation
and verification.
Option (3) seems like overkill. I don't have a strong opinion
between (1) and (2), but probably lean towards (2) on the grounds
that it's better to use something that we don't know has problems,
even probably irrelevant ones.
Agreed. When recipients rely upon DKIM for an assurance of the
source domain for a message, improving the success rate of phishing
attacks may make dedicated hardware or distributed botnet computing
both a practical and relevant means to exploit these weaknesses.
It is also equally important to be concerned about DNS security.
Executing hundreds of DNS queries in series, dictated by a foreign
entity, seems insecure. Yet many are currently suggesting DKIM be
done in conjunction with this practice.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html