ietf-dkim

Re: [ietf-dkim] Crypto Algorithm policy/practice

2006-08-02 04:16:08


Michael Thomas wrote:
I know that we've gotten a barrage in the last few days but is there support for having policy for what algorithms a domain uses? I assume this is to deal with bid-down attacks. I know where we stand wrt this with -base, but don't remember
whether we were given any guidance wrt -ssp, or whether there was general
support for this in -ssp.

      Mike

Doesn't that have an implication of an SSP lookup even for signatures
that are cryptographically correct?

There're also no bidding down attacks, just spoofs here so I think the
logic that says this isn't needed for base also applies to SSP. But I
guess maybe something's different.

So, not sure myself if it's useful in SSP, but maybe worth including as
a candidate req. in your -00 anyway.

S.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
