Hallam-Baker, Phillip wrote:
>> From: Stephen Farrell [mailto:stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
>>
>> Phill,
>>
>> Hallam-Baker, Phillip wrote:
>>> That does not allow for algorithm agility which I believe is either
>>> an explicit security area requirement now or soon will be after the
>>> SHA-1 issue is addressed.
>>
>> Don't we already have alg. agility between signers and
>> verifiers, via the h= and k= fields of the key record?
>
> No.
>
> There are two agility issues, first can you use the new algorithms.
> The key record can answer that one fine

That's why I thought we were agile enough already:-)

> The second is which algorithms should I expect? The key record does
> not answer that as far as I can see and it is the wrong place to
> do that.

Why? Surely all that can happen is stripping of the stronger
sig and we already decided that that wasn't a bother for base,
so why is it a problem now? (Maybe I mis-remember but I think
we decided it was a non-problem, not that it was a problem
to punt to SSP.)

S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
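
The two agility questions raised in this thread, as an added Python example that is not part of the original messages: it checks a signature's a= algorithm against the k= and h= tags of its key record, then repeats the check after the stronger signature has been removed. The selectors, domain and PLACEHOLDER values are constructed samples, the function names are hypothetical, and no cryptographic verification is performed.

```python
# Added illustration; all records and signatures below are constructed samples.

def parse_tags(record):
    """Parse a DKIM tag=value list ("k=rsa; h=sha256; p=...") into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def key_permits(sig_alg, key_record):
    """First question: may this key be used with the signature's a= algorithm?"""
    key = parse_tags(key_record)
    key_type, _, hash_alg = sig_alg.partition("-")
    if key_type != key.get("k", "rsa"):      # k= defaults to rsa
        return False
    allowed_hashes = key.get("h")            # absent h= means any hash is allowed
    return allowed_hashes is None or hash_alg in allowed_hashes.split(":")

def usable_signatures(signatures, key_records):
    """Return the a= values of signatures whose key record permits them."""
    ok = []
    for sig in signatures:
        tags = parse_tags(sig)
        record = key_records.get((tags["s"], tags["d"]))
        if record and key_permits(tags["a"], record):
            ok.append(tags["a"])
    return ok

# Constructed sample: one domain publishing a SHA-1 key and a SHA-256 key.
KEYS = {
    ("old", "example.com"): "v=DKIM1; k=rsa; h=sha1; p=PLACEHOLDER",
    ("new", "example.com"): "v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDER",
}
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=old; b=PLACEHOLDER"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=new; b=PLACEHOLDER"

# Message as sent carries both signatures; both pass the key record check.
as_sent = usable_signatures([SIG_SHA1, SIG_SHA256], KEYS)
# Stronger signature stripped: the remaining one still passes, and no key
# record consulted here says that an rsa-sha256 signature was expected.
stripped = usable_signatures([SIG_SHA1], KEYS)
```

The key record lookup is driven by the s= and d= tags of a signature that is present, so the second question in the thread (which algorithms to expect) is not something this check can answer.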