Folks,
In:
<http://mipassoc.org/pipermail/ietf-dkim/2009q2/011959.html>
Steve Atkins posted a list of suggested DKIM features to drop.
This note is intended to anchor a discussion thread for discusses one of those
features, namely:
Drop support for SHA1 entirely. It's beginning to look
cryptographically very dubious, and is being dropped by pretty much
everyone else. Even if the attacks against it don't affect the way
it's used in DKIM it seems unwise to suggest it be used at all. At the
very least it seems a poor "marketing" move to include an algorithm
that's been dropped by most everyone else as insecure before this spec
is finalized.
"Verifiers MUST support rsa-sha256 and MAY support rsa-sha1.
Signers SHOULD sign using rsa-sha256 and SHOULD NOT sign using rsa-
sha1." might provide enough wiggle room to allow existing code time to
migrate away from SHA1.
Please discuss arguments for and against dropping this.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html