ietf-dkim

Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type

2009-06-02 13:20:59

On Jun 2, 2009, at 4:17 AM, Dave CROCKER wrote:
> Eliot Lear wrote:
>> ... you do not see a benefit in stating the algorithm in the key
>> record when it has already been stated in the header, that perhaps
>> there is some nebulous potential downgrade attack.  Is that right?
>
> Yes.
>
> And it's not "the" algorithm in the DNS record; it's a list of
> possible algorithms.  The list does not help the receiver know which
> algorithm is used for a particular message.

The list allows a recipient, during transitions to new algorithms, to  
recognize whether it might be used by the domain, even when a receiver  
has not yet implemented the algorithm.  This feature should limit the  
range of exploits that might otherwise prove successful during a  
transition in algorithms that may take long periods before full  
adoption.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
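
The check under discussion, as an added example that is not part of the original thread or of any DKIM implementation: it compares the a= tag of a DKIM-Signature with the k= and h= tags of the key record as RFC 4871 defines them. The SUPPORTED set, the sample tag-lists and the two "unverifiable" outcomes are assumptions made for illustration.

```python
# Added example. SUPPORTED is an assumption: the algorithms this verifier implements.
SUPPORTED = {"rsa-sha1", "rsa-sha256"}

def parse_tags(text):
    """Parse a DKIM tag-list such as 'v=DKIM1; k=rsa; h=sha256' into a dict."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def check_algorithm(signature, key_record):
    """Compare the signature's a= tag with the key record's k= and h= tags."""
    sig, key = parse_tags(signature), parse_tags(key_record)
    key_type, _, hash_alg = sig.get("a", "").lower().partition("-")
    if not key_type or not hash_alg:
        return "permfail: malformed a= tag"
    # k= is optional in the key record and defaults to "rsa".
    if key_type != key.get("k", "rsa").lower():
        return "permfail: inappropriate key algorithm"
    # h= is an optional colon-separated list; when absent, all hashes are allowed.
    allowed = key.get("h")
    if allowed is not None and hash_alg not in {h.lower() for h in allowed.split(":")}:
        return "permfail: inappropriate hash algorithm"
    if f"{key_type}-{hash_alg}" not in SUPPORTED:
        # Assumed outcomes: the verifier cannot check the signature, but an explicit
        # h= list still tells it whether the domain says it may use this algorithm.
        if allowed is not None:
            return "unverifiable: advertised by domain"
        return "unverifiable: no h= list to consult"
    return "ok"

# Constructed sample inputs (not taken from real mail or DNS).
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel"
SIG_SHA512 = "v=1; a=rsa-sha512; d=example.com; s=sel"  # not in SUPPORTED
KEY_CURRENT = "v=DKIM1; k=rsa; h=sha1:sha256; p=PLACEHOLDER"
KEY_TRANSITION = "v=DKIM1; k=rsa; h=sha256:sha512; p=PLACEHOLDER"
KEY_NO_LIST = "v=DKIM1; k=rsa; p=PLACEHOLDER"

if __name__ == "__main__":
    for sig in (SIG_SHA256, SIG_SHA512):
        for key in (KEY_CURRENT, KEY_TRANSITION, KEY_NO_LIST):
            print(parse_tags(sig)["a"], "|", key, "->", check_algorithm(sig, key))
```

With the explicit list, a signature claiming an algorithm the verifier has not implemented is rejected when the domain does not list it, and is only marked unverifiable when the domain does.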