ietf-dkim

Re: [ietf-dkim] Re: 1368 straw-poll :

2007-02-27 05:54:42
On Mon, 26 Feb 2007 16:50:26 -0000, EKR <ekr(_at_)networkresonance(_dot_)com> 
wrote:

Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
On Feb 26, 2007, at 7:32 AM, John Levine wrote:
  Why shouldn't receivers use their own best judgement about what
hashes are adequately strong, and why should they believe
statements from random spammers about relative strengths of crypto
algorithms?

Without a means for the signer to assert which algorithms are
deprecated, until the problematic algorithm can be obsoleted, a
downgrade vulnerability will exist.  This period of this
vulnerability will likely be measured in years.  Defining a way
forward does not need to alter existing structures, but instead
simply define how the signer can make the assertions when they are
needed.

I'm sure I'm going to regret wading in here, but...

We have two algorithms, A and B. Let's stipulate that B is stronger
than A. Now, the sender can have three policies: send A (SA), send B
(SB) and send A+B (SAB). The receiver can similarly have three
policies, accept A (RA), accept B (RB) and accept A or B (RAB).

I don't think it's necessarily anything to do with the strengths of
algorithms or with deprecating anything. All we know is that the signer
has declared that he signs with two algorithms A and B, where the
deployment of A and B within verifiers worldwide may be different
(without loss of generality, we are supposing that deployment of B is
worse than for A).

Why is the signer signing with two algorithms?

. Maybe because he is transitioning from A to B
. Maybe because some dreadful flaw has been found in A
. Maybe because he thinks (rightly or wrongly) that B is (slightly) more
secure than A.
. Maybe because B consumes less CPU resources to generate/verify
. Maybe because A's Patent Lawyers are leaning on him to pay royalties
. Maybe because it's Monday
. Maybe because he is plain stupid.

Whatever. That is what he has done, and the rest of the world has to live
with it and try somehow to keep the mail flowing and the spammers at bay.

And maybe the verifiers are stupid too, and fail to implement the
algorithms they should be implementing, for equally varied reasons.



--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
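
The sender policies (SA, SB, SAB) and receiver policies (RA, RB, RAB) named in this thread, worked through as an added example that is not part of the original message and is not taken from any DKIM implementation. It assumes A is the algorithm an attacker can forge, and the function names and the rule for honouring a signer's "A is deprecated" assertion are hypothetical modelling choices.

```python
from itertools import product

# Policy names follow the thread; the sets are the algorithms signed/accepted.
SENDER = {"SA": {"A"}, "SB": {"B"}, "SAB": {"A", "B"}}
RECEIVER = {"RA": {"A"}, "RB": {"B"}, "RAB": {"A", "B"}}
WEAK = "A"  # assumption: A is the algorithm an attacker can forge


def usable(signed, accepted, deprecated=frozenset()):
    """Algorithms the receiver will act on for a message carrying `signed`.

    Assumed rule: a deprecated algorithm is ignored only when the receiver
    implements some non-deprecated algorithm; otherwise it has nothing else.
    """
    candidates = set(signed) & set(accepted)
    if set(accepted) - set(deprecated):
        candidates -= set(deprecated)
    return candidates


def evaluate(sender, receiver, assertion=False):
    """Return (legitimate mail verifies, A-only forgery verifies)."""
    signs, accepts = SENDER[sender], RECEIVER[receiver]
    # A signer can only deprecate A if it also signs with something else.
    deprecated = {WEAK} if assertion and signs - {WEAK} else set()
    legit = bool(usable(signs, accepts, deprecated))
    forged = bool(usable({WEAK}, accepts, deprecated))
    return legit, forged


def matrix(assertion=False):
    """All nine sender x receiver combinations."""
    return {(s, r): evaluate(s, r, assertion)
            for s, r in product(SENDER, RECEIVER)}


if __name__ == "__main__":
    for flag in (False, True):
        print(f"signer assertion published: {flag}")
        for (s, r), (legit, forged) in matrix(flag).items():
            print(f"  {s:3} x {r:3}  legit={legit!s:5}  forged_A={forged}")
```

Under these assumptions the assertion changes only the forgery column for receivers that implement B; legitimate delivery is the same in all nine cells, and a receiver that implements only A stays exposed either way.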