[ietf-dkim] draft-ietf-dkim-threats-02 nit//Permitted and preferred algo


,---
| 4.1.14.  Cryptographic Weaknesses in Signature Generation
|
| The message signature system must be designed to support multiple
| signature and hash algorithms, and the signing domain must be able to
| specify which algorithms it uses to sign messages.  The choice of
| algorithms must be published in key records, rather than in the
| signature itself, to ensure that an attacker is not able to create
| signatures using algorithms weaker than the domain wishes to permit.
'___

This leaves out the "bid-down" concern.

Change to:

: The message signature system must be designed to support multiple
: signature and hash algorithms, and the signing domain must be able to
: specify which algorithms it uses to sign messages.  The choice of
: algorithms as well as the preferred algorithm offered when multiple
: signatures are added to a message must be published in key records,
: rather than in the just the signature itself, to ensure that an
: attacker is not able to create signatures using algorithms weaker than
: the domain prefers or wishes to permit.

-Doug
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ietf-dkim] jabber meeting announce - April 20th, 1600 (Dublin), Stephen Farrell

Next by Date:

[ietf-dkim] draft-ietf-dkim-threats-02 nit//Claim Responsibility for email address use?, Douglas Otis

Previous by Thread:

[ietf-dkim] jabber meeting announce - April 20th, 1600 (Dublin), Stephen Farrell

Next by Thread:

Re: [ietf-dkim] draft-ietf-dkim-threats-02 nit//Permitted and preferred algorithms., Stephen Farrell

Indexes:

[Date] [Thread] [Top] [All Lists]