There are two aspects not covered by this recommendation. Rather
than marking preferred keys with a tag, keys that are deprecated
should be marked instead. This inversion of the logic allows easier
upgrading.
- When a verifier detects a signature is using a key marked as
deprecated, it must verify the existence of an additional signature
supported by the signing domain not marked as deprecated, and
confirm the correspondence of the signature algorithm with that of
the key.
- If the verifier supports the algorithm of the signature using a key
not marked as deprecated, this signature SHOULD be used instead.
- If there are no additional signatures not marked as deprecated, or
where the algorithm of the signature is not confirmed to correspond
with the key, the message signature for that domain SHOULD be
considered invalid.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
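The three rules above, as an added worked example (not code from the post, the DKIM list, or any DKIM implementation). It models the "deprecated" marker as a hypothetical `d` flag in the key record's `t=` tag (RFC 6376 defines only `y` and `s`, and unknown flags are ignored, so this is purely illustrative), uses a constructed in-memory `KEY_RECORDS` table in place of DNS lookups, and checks only selection logic, not cryptographic verification. Signature algorithm correspondence is checked against the key's `k=` type and, when present, its `h=` hash list. All names (`select_signatures`, `KEY_RECORDS`, `SIGNATURES`) are this example's own.

```python
"""Per-domain signature selection when keys can be marked deprecated.

Added example modelling the rules in Doug's post; it does not verify
any cryptography, only decides which DKIM-Signature (if any) a verifier
should evaluate for each signing domain.
"""
from collections import defaultdict

# Constructed stand-in for DNS TXT lookups, keyed by (selector, domain).
# The 'd' flag in t= is a HYPOTHETICAL "deprecated" marker for this example.
KEY_RECORDS = {
    ("old", "example.com"): "v=DKIM1; k=rsa; h=sha256; t=d; p=MIIB...",
    ("new", "example.com"): "v=DKIM1; k=ed25519; p=11qYAY...",
    ("s1", "example.org"):  "v=DKIM1; k=rsa; t=d; p=MIIB...",
    ("s2", "example.net"):  "v=DKIM1; k=rsa; h=sha1; p=MIIB...",
}

# Constructed DKIM-Signature tag sets (only the tags the selection needs).
SIGNATURES = [
    {"d": "example.com", "s": "old", "a": "rsa-sha256"},      # deprecated key
    {"d": "example.com", "s": "new", "a": "ed25519-sha256"},  # current key
    {"d": "example.org", "s": "s1",  "a": "rsa-sha256"},      # deprecated, no companion
    {"d": "example.net", "s": "s2",  "a": "rsa-sha256"},      # key only allows sha1
]


def parse_tags(value):
    """Parse a 'k=v; k=v' tag list into a dict (whitespace tolerant)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def key_for(sig):
    """Fetch the key record a signature points at, or None if it is missing."""
    rec = KEY_RECORDS.get((sig["s"], sig["d"]))
    return parse_tags(rec) if rec else None


def is_deprecated(key):
    """Hypothetical marker: the 'd' flag in the colon-separated t= list."""
    return "d" in key.get("t", "").split(":")


def algorithm_matches_key(sig, key):
    """a=rsa-sha256 corresponds to a key with k=rsa and (no h=, or sha256 in h=)."""
    ktype, _, hash_alg = sig["a"].partition("-")
    if key.get("k", "rsa") != ktype:          # k= defaults to rsa in RFC 6376
        return False
    allowed = key.get("h")
    return allowed is None or hash_alg in allowed.split(":")


def select_signatures(signatures, supported):
    """Return {domain: signature to evaluate, or None if the domain's signing
    is to be treated as invalid}.  `supported` is the set of a= values the
    verifier can evaluate."""
    by_domain = defaultdict(list)
    for sig in signatures:
        by_domain[sig["d"]].append(sig)

    result = {}
    for domain, sigs in by_domain.items():
        usable = []
        for sig in sigs:
            key = key_for(sig)
            if key is None or not algorithm_matches_key(sig, key):
                continue  # no key, or algorithm does not correspond: never usable
            usable.append((sig, key))
        current = [s for s, k in usable if not is_deprecated(k)]
        deprecated = [s for s, k in usable if is_deprecated(k)]

        # Rule 2: a supported signature over a non-deprecated key wins.
        preferred = [s for s in current if s["a"] in supported]
        if preferred:
            result[domain] = preferred[0]
        elif deprecated and current:
            # Rule 1 is satisfied (a non-deprecated, algorithm-consistent
            # companion exists) but this verifier cannot evaluate it, so an
            # older verifier may still use the deprecated key if it can.
            fallback = [s for s in deprecated if s["a"] in supported]
            result[domain] = fallback[0] if fallback else None
        else:
            # Rule 3: deprecated key with no non-deprecated companion, or
            # nothing whose algorithm corresponds with its key.
            result[domain] = None
    return result


if __name__ == "__main__":
    for label, algs in (("modern", {"rsa-sha256", "ed25519-sha256"}),
                        ("legacy", {"rsa-sha256"})):
        chosen = select_signatures(SIGNATURES, algs)
        print(label, {d: (s and s["s"]) for d, s in chosen.items()})
```

Running it shows the upgrade path the post describes: a verifier that supports ed25519 picks example.com's `new` selector, while one that only knows rsa-sha256 still accepts the `old` selector because a non-deprecated companion exists. example.org, whose only key is deprecated, and example.net, whose signature hash does not correspond with its key's `h=`, are both treated as invalid by either verifier.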