Eric, et al,
Eric Rescorla wrote:
> If we have two algorithms, Old and New, then there are three
> kinds of signer and receiver, respectively: Old, New, and Both.
> This gives us a 3-3 interop matrix, with four possibilities at
> each cell:

In the interest of exploring a simplification, let me re-raise a perspective
that has been expressed by others:

It is important to be able to have multiple signatures, for transition issues,
to make sure that the signer and validator share at least one common
algorithm. That is the *only* concern about multiple signatures.

One can take the position that the question of "strength" is almost completely
irrelevant.

Here's why:

The validator either considers a signature "strong" enough or they don't. That
choice is the validator's and it does not matter in the least whether the signer
agrees.

If someone does a downplay attack, the validator might be looking at a signature
that is "weaker" but it won't matter. Either the validator will consider it
strong enough or they won't.

So, my question is: what is wrong with this view of the issue?

Unless there is a compelling reason against this view, then it means that the
most a DKIM specification needs to do is to include an observation like this, in
order to a) acknowledge that there are downplay attacks, and b) demonstrate that
they are not really relevant.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
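
The 3x3 Old/New/Both matrix from the quoted text, worked through as an added example (not part of the original message or of any DKIM implementation). It assumes a validator that accepts a message when at least one valid signature uses an algorithm on its own acceptable list, and it models the "downplay attack" as removal of the New signature in transit; the names validate, strip_new and interop_matrix are hypothetical.

```python
from itertools import product

OLD, NEW = "Old", "New"  # placeholder algorithm names taken from the quoted message
KINDS = {"Old": {OLD}, "New": {NEW}, "Both": {OLD, NEW}}  # signer and receiver kinds


def validate(signatures, acceptable):
    """Validator-side policy (assumed): return the algorithms that both carry a
    valid signature and are on the validator's own acceptable list.
    An empty set means the message is treated as having no usable signature."""
    return set(signatures) & set(acceptable)


def strip_new(signatures):
    """Constructed model of the 'downplay attack': the New signature is removed
    in transit whenever an Old signature remains on the message."""
    return signatures - {NEW} if OLD in signatures else set(signatures)


def interop_matrix(tamper=None):
    """Map (signer kind, receiver kind) -> algorithms the acceptance rests on."""
    matrix = {}
    for (signer, sigs), (receiver, accepts) in product(KINDS.items(), KINDS.items()):
        seen = tamper(set(sigs)) if tamper else set(sigs)
        matrix[(signer, receiver)] = validate(seen, accepts)
    return matrix


def changed_cells():
    """Cells whose pass/fail outcome differs once the New signature is stripped."""
    clean, attacked = interop_matrix(), interop_matrix(strip_new)
    return sorted(c for c in clean if bool(clean[c]) != bool(attacked[c]))


if __name__ == "__main__":
    clean, attacked = interop_matrix(), interop_matrix(strip_new)
    for cell in clean:
        verdict = lambda hit: "pass via " + "/".join(sorted(hit)) if hit else "fail"
        print(f"signer={cell[0]:4} receiver={cell[1]:4} "
              f"clean: {verdict(clean[cell]):16} stripped: {verdict(attacked[cell])}")
    print("cells changed by stripping:", changed_cells())
```

In this model the only cell that changes is signer Both with receiver New, which goes from pass to fail; every cell that still passes does so on an algorithm the receiver itself lists as acceptable.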