[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Mark Delany
Dave Crocker wrote:
The proposed mechanism incurs an additional lookup for every signed
message.
Whatever algorithm policy you embed in a separate SSP can
just as easily be embedded in the Selector of the weakened key.
Almost, you still need a means to tell the verifier that there are distinctions
between the published keys. In the proposal I am making this is by means of a
constraint on the key selectors.
But maybe that just means I don't get any of the discussion
about downgrade attacks or weakened keys needing a separate
SSP. As others have said TTL is irrelevant because they are
always going to be many orders of magnitude smaller than the
response time of human administrators. Heck most
administrators haven't even heard of DKIM yet alone the
discovery of any algorithmic weakness.
The issue is not the transition at one site, it is the transition for the
entire Internet. As it stands I can not start to sign with new algorithm B and
advertise a useful policy until every verifier supports B.
I was under the impression that a separate SSP can only add
value for domains *not* verified by the signature.
Policy can only add value for messages that are not verified by an acceptable
signature. In this case acceptable meaning 'I trust it' and 'I implement it'.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html