On Jun 22, 2006, at 2:21 PM, Stephen Farrell wrote:
Douglas Otis wrote:
On Jun 22, 2006, at 10:45 AM, Eric Allman wrote:
There are many reasons I don't like this proposal. Let me start
with the easily fixed ones:
(1) Overloading existing tags to add new functionality is absurd.
Adding "d" to the end of the version has nothing to do with the
version;
Eric's right there IMO.
>> (3) Wasn't the issue of downgrade attacks discussed in Dallas and
>> resolved on the list? In specific, it was issue 1196 (Upgrade
>> indication and protection against downgrade attacks). As near as
>> I can tell, the exact same issues that Doug is raising were
discussed
>> in this issue, and a frankly much more elegant approach was
proposed.
>> Why is this issue alive again?
>
> This issue still needs review.
We have consensus that 1196 [1] is closed. One voice doesn't change
that.
Stephen.
[1] https://rt.psg.com/Ticket/Display.html?id=1196
There remains the issue describing a deprecated algorithm as being
ignored, which is identical to treatments for obsolete algorithms
(signature versions). Perhaps there could be few minutes placed on
the agenda to allow an attempt to explain why this could become a
problem. The solution could be as simple as defining an optional c=
tag (concurrent requirement) in the key.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html