From: Stephen Farrell
[mailto:stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
Phill,
Hallam-Baker, Phillip wrote:
> That does not allow for algorithm agility which I believe is either
> an explicit security area requirement now or soon will be after the
> SHA-1 issue is addressed.
Don't we already have alg. agility between signers and
verifiers, via the h= and k= fields of the key record?
No.
There are two agility issues. First, can you use the new algorithms? The key
record can answer that one fine.
The second is which algorithms should I expect? The key record does not answer
that as far as I can see and it is the wrong place to do that.
The key record should allow verification of the signature, the policy record
the sufficiency of the signature.
If so, then is what you're suggesting only of use when the
signer is different from the rfc2822.From domain?
No.
If so, do we expect that domains like that, that don't sign
for themselves, will find it useful to be specifying the
acceptable algorithms for their signed mail?
No, the scheme is useful for two cases. The principal one being for when a domain
is in the process of a transition and wishes to support legacy signature
algorithms without opening up a downgrade attack vulnerability.
The use of remote selectors in the policy record is not the principal intended
use, but it is useful to some certainly and I don't see a good reason to block
it.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html