,---
| 4.1.14. Cryptographic Weaknesses in Signature Generation
|
| The message signature system must be designed to support multiple
| signature and hash algorithms, and the signing domain must be able to
| specify which algorithms it uses to sign messages. The choice of
| algorithms must be published in key records, rather than in the
| signature itself, to ensure that an attacker is not able to create
| signatures using algorithms weaker than the domain wishes to permit.
'___
This leaves out the "bid-down" concern.
Change to:
: The message signature system must be designed to support multiple
: signature and hash algorithms, and the signing domain must be able to
: specify which algorithms it uses to sign messages. The choice of
: algorithms as well as the preferred algorithm offered when multiple
: signatures are added to a message must be published in key records,
: rather than in the just the signature itself, to ensure that an
: attacker is not able to create signatures using algorithms weaker than
: the domain prefers or wishes to permit.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html