ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks

2007-02-25 09:36:43
from [John Levine] [Permanent Link] 
Every protocol with algorithm agility but not a fixed list of "MUST
implement" algorithms has this issue.


Is there any reason that SSP couldn't require that anyone who makes a
statement that he signs messages must sign with all the signature algs
he supports?

This would be an SSP MUST, not a DKIM MUST.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: Today's jabber notes..., John Levine
Next by Date:  Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Tony Hansen
Previous by Thread:  Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Tony Hansen
Next by Thread:  Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]