ietf-dkim

Re: [ietf-dkim] Proposal for specifying syntax and semantics for multiple signatures

2006-04-03 13:17:32
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:

> On Apr 3, 2006, at 9:53 AM, Arvel Hathcock wrote:
>
>>> 1. Whether we want to have a mechanism to let the signature survive
>>> the reordering of multiple sig headers or not.  I've heard Mike and
>>> Dave say no, we don't.  Is that correct?
>>
>> I've also said it's added complexity that I don't think we need.
>>
>>> 2. Whether we want to be able to detect the removal of a signature
>>> header (as perhaps in the case of a "stronger" one and leaving a
>>> "weaker" one).  I think the consensus is that we don't care about
>>> this; I'd like to confirm that.
>>
>> Right, we don't care about that.
>
> Email can not easily negotiate these algorithms.  Are you expecting
> to sign messages differently for each recipient?
>
> A verifier must be able to detect when a stronger signature has been
> removed when two signatures are offered.  Without this ability to
> detect such a removal, all verifiers and senders will remain at risk
> to a downgrade attack during perhaps a _very_ long algorithm
> transition period.  It requires very little to repair this problem at
> the outset.

Sorry, I still don't understand what the purpose or impact of this
attack is. Can you explain?

-Ekr
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
