ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Proposal for specifying syntax and semantics for multiple signatures

2006-04-04 14:15:36
Dave Crocker <dhc(_at_)dcrocker(_dot_)net> writes:

Eric, et al,

Eric Rescorla wrote:
 > If we have two algorithms, Old and New, then there are three
 > kinds of signer and receiver, respectively: Old, New, and Both.
 > This gives us a 3-3 interop matrix, with four possibilities at
 > each cell:


In the interest of exploring a simplification, let me re-raise a
perspective that has been expressed by others:

It is important to be able to have multiple signatures, for transition
issues, to make sure that the signer and validator share at least one,
common algorithms.  That is the *only* concern about multiple
signatures.

One can take the position that question of "strength" is almost
completely irrelevant.

Here's why:

The validator either considers a signature "strong" enough or they
don't.  That choice is the validator's and it does not matter in the
least whether the signer agrees.

If someone does a downplay attack, the validator might be looking at a
signature that is "weaker" but it won't matter.  Either the validator
will consider it strong enough or they won't.


So, my question is:  what is wrong with this view of the issue?

In this context, I think nothing.

-Ekr
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>