ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: 1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks)

2007-02-26 10:13:10
from [Michael Thomas] [Permanent Link] 
Douglas Otis wrote:
You receive a message where the signer has indicated that sha256 has been deprecated, or perhaps the original signature association scheme has been deprecated, or perhaps the canonicalization algorithm has been deprecated. To permit a graceful transition, both the deprecated algorithm (whatever that might be) and some shiny new algorithm must now be included with the message. Once your verifier adopts the shiny new algorithm, both you and the sender have obtained a higher level of protection not vulnerable to downgrade attack. This protection depends upon a means for the signer to assert which algorithm is deprecated, and what shiny new algorithm is being offered. 

Phill -- do you agree with this?

At least I can see the potential issue here.

        Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Re: 1368 straw-poll :, EKR
Next by Date:  Re: [ietf-dkim] Re: 1368 straw-poll, Mark Delany
Previous by Thread:  Re: [ietf-dkim] Re: 1368 straw-poll :, Charles Lindsey
Next by Thread:  [ietf-dkim] Re: 1368 straw-poll :, Mark Delany
Indexes:  [Date] [Thread] [Top] [All Lists]