ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks

2007-02-28 17:40:10
Mike, this is what I was trying to say in a previous post. You are exactly right. We have already faced this situation and it has proven itself in the field to work just fine.

Arvel

Michael Thomas wrote:
I'm still not seeing what the problem is with things as they stand now.
We've already been through a transition with sha1 and sha256. The
solution was to make both signatures in the transition and set the
h=sha1|sha256; in the selector. All you do when you're ready to
completely transition is only sign with the new algorithm and set
h=sha256; in the selector. This is exactly the kind of case we wanted
to get right for -base and as far as I can tell it worked exactly as
intended.

I'm honestly not trying to be obtuse here.

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>