From: Douglas Otis [mailto:dotis(_at_)mail-abuse(_dot_)org]
Such a mechanism MUST NOT
* Require the verifier to perform any additional DNS lookups.
* Require duplication of configuration data
* In particular not require the policy record to
provide for the
description of any cryptographic or cannonicalization
algorithm
Without being able to specify the critical elements that must
be found within a superseding signature, there is no
assurance that a spoofed and unsupported signature has not
replaced the stronger algorithm. Spoofing could be
accomplished by simply listing a different query mechanism.
The question is whether the information is expressed in the policy record
directly or in some other form.
There have been several objections made to including algorithm information in
the policy record. I agree with them. Specifying the same information in two
places creates the possibility of inconsistency. It means that the policy
language needs to be much more complex etc.
There are several ways in which the restriction can be specified without
including the algorithm information in the key record directly. The simplest is
to specify a lexical restriction on the set of key selectors as proposed on the
list.
Since there is possibly some ambiguity here I suggest ammending the last point
to read:
* In particular not require the policy record to
provide for the direct description of any
cryptographic or cannonicalization algorithm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html