Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgra

ietf-dkim

Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks

2007-02-27 16:26:59

If you mean to just require that and not actually list the algorithms,the verifier would have no way of determining what algorithms the signeruses, without a list of all its selector names.


If you mean to list the algorithms, isn't that what Phill is proposing?

-Jim

John Levine wrote:

Every protocol with algorithm agility but not a fixed list of "MUST
implement" algorithms has this issue.


Is there any reason that SSP couldn't require that anyone who makes a
statement that he signs messages must sign with all the signature algs
he supports?

This would be an SSP MUST, not a DKIM MUST.

R's,
John
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Hallam-Baker, Phillip Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Paul Hoffman Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Dave Crocker Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Hector Santos Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Paul Hoffman Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Dave Crocker Message not available Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Tony Hansen Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jim Fenton <= Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas [ietf-dkim] Email upgrade history, Dave Crocker Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Paul Hoffman Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Dave Crocker Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jon Callas Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jon Callas Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine

Previous by Date:	Re: [ietf-dkim] Issue 1365: drop "never send mail"?, Michael Thomas
Next by Date:	RE: [ietf-dkim] Issue 1365: drop "never send mail"?, Hallam-Baker, Phillip
Previous by Thread:	Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine
Next by Thread:	Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas
Indexes:	[Date] [Thread] [Top] [All Lists]