-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jun 2, 2009, at 4:17 AM, Dave CROCKER wrote:
Eliot Lear wrote:
... you do not see a benefit in stating the algorithm in the key
record when it has already been stated in the header, that perhaps there
is some nebulous potential downgrade attack. Is that right?
Yes.
And it's not "the" algorithm in the DNS record; it's a list of possible
algorithms. The list does not help the receiver know which algorithm is used
for a particular message.
Okay. I misunderstood. If it's a DNS-level list of all possible
algorithms, it has very limited use, and can go.
The only use I can see of it is the case where you have many live
messages out there, some of them with (e.g.) RSA and others with
(e.g.) ECDSA and you want to make all RSA messages start failing now,
and yet for some reason want to keep the RSA keys still in the DNS.
Pull it.
Incidentally, someone told me yesterday that the NIST schedule for
deprecating RSA-2048 is 2017. While that is a bit early for
cryptographic reasons, it's not horribly bad for the bureaucratic push
toward EC. That means that my snotty remarks about grandchildren are
inaccurate. We're going to be folding ECDSA into DKIM in five years or
less, so it might as well be now. We need to make sure that *that* is
on the work list for -bis.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFKJZvwsTedWZOD3gYRAgu0AKCsfHnuvc9i5KbqRLbZjcMAeOV9LQCgkOTG
1j9OmcdUzzCUhZcmWdKqU+U=
=1M/N
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html