RE: [ietf-dkim] The key record upgrade attack

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Paul Hoffman

That's not what Doug said. He said:

 > >During a transition, it would be important to communicate

 what will be
 >offered and what has been deprecated.  Then these

options MUST be

available or the related signatures MUST be ignored.


I specifically object to the last three words.


OK, that is fine. 

What I was trying to say is that it is possible to meet the security 
requirement that Doug raised without coming into conflict with base.

The security requirement here is not a MUST. 

The only reason to look at a policy record is:

1) There is no security record there at all
2) You do not find one that you like

It is only in the second case that you would find a good signature and go look 
for a policy record anyway.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] The key record upgrade attack, (continued) Re: [ietf-dkim] The key record upgrade attack, Michael Thomas Message not available Re: [ietf-dkim] The key record upgrade attack, Paul Hoffman Message not available Re: [ietf-dkim] The key record upgrade attack, Stephen Farrell Message not available Re: [ietf-dkim] The key record upgrade attack, Paul Hoffman Re: [ietf-dkim] The key record upgrade attack, Stephen Farrell Re: [ietf-dkim] The key record upgrade attack, Hector Santos RE: [ietf-dkim] The key record upgrade attack, Hallam-Baker, Phillip Re: [ietf-dkim] The key record upgrade attack, Damon RE: [ietf-dkim] The key record upgrade attack, Hallam-Baker, Phillip RE: [ietf-dkim] The key record upgrade attack, Paul Hoffman RE: [ietf-dkim] The key record upgrade attack, Hallam-Baker, Phillip <=