A signer publishes to support a new algorithm "rot13". If
spammers happen to know that certain receivers don't support
"rot13", they can forge (invalid) "rot13" signatures in
phishes to these receivers.

John introduced ROT13 but unless I am severely mistaken he was arguing
that this attack was unimportant.

No, I was arguing that a sender's opinion about the relative merits of
algorithms is useless to a receiver, so there is no point in
publishing it. Wietse summarized the reasonable approach to verifying
signatures well enough that I won't try and do so again.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html