On Jun 2, 2009, at 4:17 AM, Dave CROCKER wrote:

> Eliot Lear wrote:
>> ... you do not see a benefit in stating the algorithm in the key
>> record when it has already been stated in the header, that perhaps
>> there is some nebulous potential downgrade attack. Is that right?
>
> Yes.
>
> And it's not "the" algorithm in the DNS record; it's a list of
> possible algorithms. The list does not help the receiver know which
> algorithm is used for a particular message.
The list allows a recipient, during transitions to new algorithms, to
recognize whether it might be used by the domain, even when a receiver
has not yet implemented the algorithm. This feature should limit the
range of exploits that might otherwise prove successful during a
transition in algorithms that may take long periods before full
adoption.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
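The check Doug is describing, as an added example that is not part of this thread or of any DKIM implementation: a verifier compares the hash implied by the DKIM-Signature a= tag against the h= list published in the selector's key record before it does anything else with the signature. The tag-list parsing follows the tag=value syntax of RFC 4871; the "inappropriate hash algorithm" and "inappropriate key algorithm" results are the PERMFAIL outcomes RFC 4871 section 6.1.3 assigns to an h= or k= mismatch, while the "unsupported signature algorithm" label for a hash the verifier has not implemented is this example's own wording. The DKIM-Signature headers and key records below are constructed sample data with placeholder p=, bh= and b= values, and the function names are this example's own.

```python
"""Agreement check between a DKIM-Signature a= tag and the h= list in the
selector's DNS key record (RFC 4871 tag syntax; decision per section 6.1.3).

Added example for the discussion above, not code from the list or from any
DKIM library. All sample headers and records are constructed.
"""

from typing import Dict, Optional, Set


def parse_tag_list(text: str) -> Dict[str, str]:
    """Parse an RFC 4871 tag-list ('tag=value; tag=value').

    Folding whitespace inside values is dropped, so a header that was
    folded across lines parses the same as an unfolded one.
    """
    tags: Dict[str, str] = {}
    for item in text.split(";"):
        if "=" not in item:
            continue  # empty trailing item or garbage; ignore
        name, value = item.split("=", 1)
        tags[name.strip()] = "".join(value.split())
    return tags


def key_record_hashes(record: Dict[str, str]) -> Optional[Set[str]]:
    """Hash names allowed by the key record's h= tag, or None if h= is absent
    (absent h= means every hash algorithm is acceptable)."""
    if "h" not in record:
        return None
    return set(record["h"].split(":"))


def check_algorithm(signature_header: str, key_record_txt: str,
                    implemented_hashes: Set[str]) -> str:
    """Decide whether the signature's algorithm may be used with this key.

    The h= comparison runs before the 'do I implement this hash' check, which
    is the point made in the thread: a verifier that has not implemented the
    domain's new hash can still refuse a signature using a hash the domain
    no longer lists.
    """
    sig = parse_tag_list(signature_header)
    key = parse_tag_list(key_record_txt)

    alg = sig.get("a", "")
    if "-" not in alg:
        return "PERMFAIL (unsupported signature algorithm)"
    key_type, hash_name = alg.split("-", 1)   # e.g. "rsa-sha256"

    # k= defaults to "rsa" when absent (RFC 4871 key record syntax).
    if key.get("k", "rsa") != key_type:
        return "PERMFAIL (inappropriate key algorithm)"

    allowed = key_record_hashes(key)
    if allowed is not None and hash_name not in allowed:
        return "PERMFAIL (inappropriate hash algorithm)"

    if hash_name not in implemented_hashes:
        return "PERMFAIL (unsupported signature algorithm)"
    return "OK"


# Constructed sample data (placeholder p=, bh= and b= values).
KEY_SHA256_ONLY = "v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDERPUBKEY"
KEY_TRANSITION = "v=DKIM1; k=rsa; h=sha1:sha256; p=PLACEHOLDERPUBKEY"
KEY_NO_H = "v=DKIM1; k=rsa; p=PLACEHOLDERPUBKEY"

SIG_SHA1 = ("v=1; a=rsa-sha1; d=example.com; s=sel; c=relaxed/simple;\r\n"
            " h=from:to:subject:date; bh=PLACEHOLDERBH;\r\n b=PLACEHOLDERSIG")
SIG_SHA256 = SIG_SHA1.replace("a=rsa-sha1", "a=rsa-sha256")


if __name__ == "__main__":
    # A domain that has moved to sha256 publishes h=sha256; a sha1 signature
    # is refused even by a verifier that only knows sha1.
    print(check_algorithm(SIG_SHA1, KEY_SHA256_ONLY, {"sha1"}))
    # During the transition both hashes are listed, so either verifies.
    print(check_algorithm(SIG_SHA1, KEY_TRANSITION, {"sha1", "sha256"}))
```

The ordering matters: running the h= comparison before the local "do I support this hash" test is what lets a lagging verifier act on the domain's published list. A record with no h= tag places no restriction, so domains that want the protection during a transition have to publish the tag.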