Douglas Otis wrote:
> You receive a message where the signer has indicated that sha256 has
> been deprecated, or perhaps the original signature association scheme
> has been deprecated, or perhaps the canonicalization algorithm has been
> deprecated. To permit a graceful transition, both the deprecated
> algorithm (whatever that might be) and some shiny new algorithm must now
> be included with the message. Once your verifier adopts the shiny new
> algorithm, both you and the sender have obtained a higher level of
> protection not vulnerable to downgrade attack. This protection depends
> upon a means for the signer to assert which algorithm is deprecated, and
> what shiny new algorithm is being offered.
Phill -- do you agree with this?
At least I can see the potential issue here.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
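
The verifier-side decision described in the quoted paragraph, as an added example that is not part of the original thread or of any DKIM implementation. It assumes the signer's deprecation statement is already available to the verifier as a `SignerAssertion` (a hypothetical structure; the thread does not define how it is published), and the algorithm labels and sample signatures are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    algorithm: str  # algorithm label carried by the signature
    valid: bool     # outcome of cryptographic verification, performed elsewhere

@dataclass(frozen=True)
class SignerAssertion:
    # Hypothetical signer statement; the thread does not define its format.
    deprecated: frozenset  # algorithms the signer is retiring
    offered: frozenset     # replacement algorithms the signer also signs with

def evaluate(signatures, assertion: Optional[SignerAssertion], supported):
    """Return (verdict, reason) for one message at one verifier."""
    usable = {s.algorithm for s in signatures if s.valid and s.algorithm in supported}
    if not usable:
        return "fail", "no valid signature in a supported algorithm"
    deprecated = assertion.deprecated if assertion else frozenset()
    offered = assertion.offered if assertion else frozenset()
    if usable - deprecated:
        return "pass", "verified with an algorithm not marked deprecated"
    if offered & set(supported):
        # This verifier could have checked the replacement, yet only the
        # deprecated signature verified: treat it as a downgrade.
        return "fail", "downgrade: only a deprecated algorithm verified"
    return "pass", "transition: verifier has not adopted the replacement"

# Constructed sample data; "new-alg" is a placeholder label.
OLD, NEW = "rsa-sha256", "new-alg"
ASSERTION = SignerAssertion(frozenset({OLD}), frozenset({NEW}))
BOTH = [Signature(OLD, True), Signature(NEW, True)]
STRIPPED = [Signature(OLD, True)]  # replacement signature removed in transit

if __name__ == "__main__":
    for label, sigs, a, sup in [
        ("upgraded verifier, both signatures", BOTH, ASSERTION, {OLD, NEW}),
        ("legacy verifier, both signatures", BOTH, ASSERTION, {OLD}),
        ("upgraded verifier, stripped", STRIPPED, ASSERTION, {OLD, NEW}),
        ("upgraded verifier, stripped, no assertion", STRIPPED, None, {OLD, NEW}),
    ]:
        print(label, "->", evaluate(sigs, a, sup))
```

The last case passes only because no assertion is known, which is the dependence the quoted paragraph points out.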