ietf-smime

RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt

2008-07-31 09:09:43

Sean,

I really feel that we need to have two MUST signature algorithms for safety.
When ECC signatures were present that was fine.  Without having the ECC
signature algorithms we really must have one of the DSA algorithms as a must

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Turner, Sean P.
Sent: Monday, July 28, 2008 6:53 PM
To: 'Blake Ramsdell'; 'Jim Schaad'
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt


 >-----Original Message-----
From: Blake Ramsdell [mailto:blaker(_at_)gmail(_dot_)com]

On Mon, Jul 28, 2008 at 6:17 AM, Jim Schaad <ietf(_at_)augustcellars(_dot_)com> wrote:
1.  We are not currently making any support statements for DSA w/ the
SHA-256 hash algorithms.  Should we be doing so?

Unless it's a SHOULD+, no.

I asked at least once if anybody wanted it and there was no response.
I think unless somebody actually says "yes I want it" we ought to leave
it out.

This would finish the table entry out and also reference the
discussion on why very large keys are not recommended.  It is possible
that MAY NOT is not currently valid 2119 language.  In this case I
would be happy with either MAY or SHOULD NOT.  I would not be
happy with MUST NOT.

MAY or SHOULD NOT it is. I would lean towards MAY.

I was leaning towards MAY, but maybe SHOULD NOT is better since the NOT
provides more information on which way we're leaning.  What do others
think?

spt
