On May 22, 2006, at 4:25 PM, Douglas Otis wrote:
It could be helpful for details related to the algorithm's
representation in the binary key be posted for review. Resolving
the method of representation should allay some possible concerns.
The review of a strategy for using a key deprecation flag should
also be possible. Once there is an assured method to confirm an
unknown algorithm is currently offered by a signing domain,
detecting removal of a non-deprecated signature during a transition
is possible. A signed message must contain at least one non-
deprecated signature where the algorithm, even though unsupported
by the verifier, must still be confirmed as supported by the
signing domain in the referenced key. Without such a strategy, an
opportunity to exploit a deprecated algorithm continues over the
entire duration for a complete transition to occur, even in cases
where both the signing and the verifying domains supported a newer
non-exploited algorithm.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html