The working group decided that it would not discuss downgrade attacks in BASE.
I said at the time I would raise them in policy. The only reason to have policy
is to stop a downgrade attack.

Unless you understand that, you don't understand policy. The only reason that
DKIM has a policy layer is to prevent an attack where the attacker sends a
message without a signature or with an unverifiable signature because the
signature alg, digest or C18n algorithm are not supported by that receiver.

I am getting a bit fed up of folk who first say they don't understand policy
and then opine about what policy must be and tell everyone else that they are
wrong.

This is a much simpler task than people are making it out to be.

If policy is on the table then so is discussion of the downgrade attack.

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
Sent: Wednesday, August 02, 2006 6:46 PM
To: Stephen Farrell
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: How MALLET PERFORMS a DOWNGRADE ATTACK

Stephen Farrell wrote:
Hallam-Baker, Phillip wrote:
NO MALLET PERFORMS A SUCCESSFUL DOWNGRADE ATTACK.

I could quibble. That's not a downgrade attack since Alice
parallel-signed with both.

I was under the impression that the working group had said
that it was not concerned about downgrade attacks, for the
DKIM usage being discussed.

Assuming I got that correct, why is it still being discussed?

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html