ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Secrtion 6.3 Comments on draft-ietf-dkim-ssp-requirements-02.txt

2006-10-23 11:32:43
from [Hallam-Baker, Phillip] [Permanent Link] 
6.3
11. The Protocol MUST NOT be required to be invoked if a valid first party 
signature is found.

Should be:

The Protocol MUST NOT be required to be invoked if a valid first party 
signature that satisfies the cryptographic criteria of the recipient is found. 


If I look at the email and find a satisfactory signature I am done. If I don't 
find any signature at all *or I find only a weak signature* I need to look at 
the policy.

Otherwise the requirements of 5.7 are unmet.


This requirement only starts to have real effect when we have a serious enough 
compromise of SHA or RSA1024 to mean that verifiers would reject weak 
signatures. I don't expect to get there until 2015 but I do expect to get there 
eventually.



Also I would like to reword 12:

[PROVISIONAL] A domain holder MUST be able to publish a Practice which 
enumerates the acceptable cryptographic algorithms for signatures purportedly 
from that domain. 

To be 

12a [PROVISIONAL] A domain holder MUST be able to publish a Practice which 
specifies the acceptable application of cryptographic algorithms for signatures 
purportedly from that domain. 

12b [PROVISIONAL] A domain holder MUST be able to publish a Practice which 
specifies the application of multiple signatures with different cryptographic 
algorithms for messages purportedly from that domain. 


The difference here is key to the distinction between my proposal and the 
existing one. A mere enumeration of the acceptable algorithms does not allow 
the upgrade/downgrade attack to be effectively defeated. Merely saying 'I 
support SHA-256' does not in fact strengthen the policy.

Also the term 'enumeration' expresses the assumption that the algorithms will 
be listed in the policy record. I don't think they should go there. The proper 
place for them is in the key record. This avoids the need to duplicate the 
information and is in any case necessary to meet requirement 11 which can only 
be met if the key records effectively enumerate the set of acceptable 
algorithms.




_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] More Comments on draft-ietf-dkim-ssp-requirements-02.txt, Hallam-Baker, Phillip
Next by Date:  RE: [ietf-dkim] Comments on draft-ietf-dkim-ssp-requirements-02.txt, Hallam-Baker, Phillip
Previous by Thread:  [ietf-dkim] More Comments on draft-ietf-dkim-ssp-requirements-02.txt, Hallam-Baker, Phillip
Next by Thread:  Re: [ietf-dkim] Secrtion 6.3 Comments ondraft-ietf-dkim-ssp-requirements-02.txt, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]