ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks

2007-02-25 16:09:40
from [Michael Thomas] [Permanent Link] 
Paul Hoffman wrote:

At 10:53 AM -0800 2/25/07, Michael Thomas wrote:

At this point, all we have is MUST implements. Considering there is
no opportunity for negotiation with mail, MAY/SHOULD implement
algorithms seems like a pretty bad idea altogether.
We have no prohibition on implementing additional algorithms, so it is fine for someone to implement, for example, DSA signatures. 

Well, I can implement rot13 too, but that doesn't make it standard or
useful. If we standardize something in the future, all we need to do
is make it a MUST for the extension and it stays within your bounds.
I can't see any reason why we'd _ever_ make an algorithm anything
less than MUST since the senders and receivers can't exchange their
capabilities.



So is this still a real
problem for DKIM?
Yes, it still is, because we didn't say (and should not have said) "MUST NOT implement any other signature algorithm". 

I'm sorry but this doesn't make any sense at all to me.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine
Next by Date:  Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey
Previous by Thread:  Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jon Callas
Indexes:  [Date] [Thread] [Top] [All Lists]