ietf-dkim

Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type

2009-06-01 13:21:31
Siegel, Ellen wrote:
   TXT RR tags
      
     k: Key type

Much the same as h=, with the added issue that there's only one
possible key type right now, and if there were a need for k= in the
future it could be added in the same RFC that adds support for
anything other than RSA.
      
Dropping this to remove clutter seems like a reasonable idea, but it
would be necessary to meet a couple of conditions to prevent breakage
due to the number of existing records with this tag.

      - implementations would have to ignore any tags they don't
        recognize (this should already be required, so should be no
        problem)

      - if this functionality is added back in later, it needs to be
        done in a way that breaks neither records with k tags nor
        records without a key type specifier (again, backwards
        compatibility requirements should make this obvious, but if
        enough time elapses it's possible people will forget about the
        existing k tags).
  

This argument is a great example of "people who ignore history are 
doomed to repeat it".

The reason that all of the k= h= etc exist was a carefully crafted
compromise with the rest of the security community and the IESG to deal
with algorithm agility. If we strip it all out, we're either dooming
ourselves to having this argument again, or hoping that community is
asleep at the switch because they didn't know what they were talking
about the first time around.

       Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
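
The two compatibility conditions quoted in the message above, written out as a key-record loader. This is an added example, not code from the thread or from any DKIM implementation; the function names, the `zz` tag and the `newalg` key type are hypothetical, and the default of `rsa` for a missing k= follows RFC 4871.

```python
import re

# Tags defined for key records in RFC 4871; anything else is unknown to this verifier.
KNOWN_TAGS = {"v", "g", "h", "k", "n", "p", "s", "t"}
SUPPORTED_KEY_TYPES = {"rsa"}  # the only key type discussed in the thread
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

class KeyRecordError(ValueError):
    """The TXT record cannot be used to verify a signature."""

def parse_tag_list(txt):
    """Split 'a=b; c=d' into a dict; malformed or duplicate tags invalidate the list."""
    tags = {}
    for item in txt.split(";"):
        if not item.strip():
            continue  # empty item, e.g. after a trailing ';'
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            raise KeyRecordError(f"malformed tag: {item.strip()!r}")
        if name in tags:
            raise KeyRecordError(f"duplicate tag: {name}")
        tags[name] = value.strip()
    return tags

def load_key_record(txt):
    tags = parse_tag_list(txt)
    # First condition in the thread: unrecognized tags are skipped, not fatal.
    ignored = sorted(set(tags) - KNOWN_TAGS)
    if tags.get("v", "DKIM1") != "DKIM1":
        raise KeyRecordError("unsupported record version")
    # Second condition: records with k= and records without it must both keep
    # working, so a missing k= means the default key type.
    key_type = tags.get("k", "rsa")
    if key_type not in SUPPORTED_KEY_TYPES:
        raise KeyRecordError(f"unsupported key type: {key_type}")
    if "p" not in tags:
        raise KeyRecordError("missing p= tag")
    public_key = "".join(tags["p"].split())  # whitespace in base64 is not significant
    if not public_key:
        raise KeyRecordError("key revoked (empty p=)")
    return {"key_type": key_type, "public_key": public_key, "ignored": ignored}

# Constructed sample records; the p= values are placeholders, not real keys.
SAMPLES = [
    "v=DKIM1; k=rsa; p=QUJDREVG",
    "v=DKIM1; p=QUJDREVG;",
    "v=DKIM1; p=QUJDREVG; zz=future",
    "v=DKIM1; k=newalg; p=QUJDREVG",
]
```

The first three sample records load with key type `rsa`; the fourth is rejected as unusable rather than being verified with the wrong algorithm.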