Paul Hoffman wrote:
At 10:10 AM -0800 2/26/07, Dave Crocker wrote:
Paul Hoffman wrote:
At 8:48 AM -0800 2/26/07, Dave Crocker wrote:
The proposed mechanism incurs an additional lookup for every signed
message.
You keep saying this without justifying it. Others have shown it to
be wrong. Please stop repeating it or support your statement.
Actually, they haven't.
Well, at least I have. If a recipient gets a message with a valid
signature, they never need to look up an SSP record. That refutes your
statement pretty fully, doesn't it?
I have no idea.
The discussion is about algorithm transitions. Those aren't interesting
things to talk about unless there is a signature. My understanding of the
current topic is that it pertains to an SSP query that is only worth making
when there is a signature.
Some of the discussion seems to be about having a signature that is valid but
not "strong enough". That might not be a scenario that you have in mind, but
it sure seems to be one that is being discussed.
If there are no valid signatures, then I do not see how it is relevant to talk
about algorithm agility.
All of which suggests that we have a few people who each feel they have a
clear and solid understanding of the topic, but not necessarily that they
share the same clear and solid understanding.
It further leaves out poor folk like me, whose only clear and solid
understanding is that I have no clear or solid understanding of the problem
that is claimed to be solved or why the problem is worth solving.
Were DKIM intended to have signatures that lasted years, that might
make sense. Since it isn't, I am pretty sure it doesn't.
And you would be wrong. If I am signing a message with both A and B, it
doesn't matter how long the key for each signature lasts; the transition
lasts for as long as I am using both algorithms. This is no different
than any other security protocol.
It does if the entire premise for a signature is that it is very short-lived,
because it means that a transition can -- and should -- be targeted also to be
short-lived for a given signer.
That is, indeed, very different from other security protocols.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html