On Jun 2, 2009, at 11:29 AM, Dave Crocker wrote:
> There are much easier ways to do a dos attack.

IIRC, this feature was intended to reduce the number of unsupported
algorithms that might be otherwise accepted because the algorithm was
not yet adopted by the receiver.

Unless the key indicates rsa-md6 for example, then accepting messages
that do not verify because MD6 is not yet supported by the receiver
would not be given a pass because the DKIM key did not indicate the
domain uses MD6.

This is not about DoS avoidance, although this might be one of the
benefits. This is about algorithm agility.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html