[ietf-dkim] small question in draft-ietf-dkim-base-00.txt on TXT record

Douglas Otis dotis at mail-abuse.org
Mon Feb 20 13:13:50 PST 2006


On Feb 20, 2006, at 12:49 PM, Tony Hansen wrote:

> We allow extra options to be specified in a DKIM-Signature header,
> but do not allow extra options to be specified in a DKIM TXT
> record. (I don't recall this being discussed before, but just may
> not remember it.) Should we? If not, how would we do upwardly-
> compatible changes without requiring multiple DNS entries for both
> an old and new entry?

DKIM should specify a binary structure used with the CERT RR.  This
RR already offers fields defining the critical hash algorithm, for
example.  By just specifying the hash used in the signature header, once
a hash algorithm is later discovered compromised, there is no means
to keep bad actors from using this compromised hash algorithm for
spoofing messages.  It would appear the DKIM draft is not ready.

-Doug
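As an added illustration of the two points raised in this exchange (my own example code, not from the draft or from either poster): a verifier-side parser for the tag=value syntax of DKIM TXT records that keeps unknown tags instead of rejecting them, plus a check that the hash named in the signature is one the key record and the verifier both still accept. The colon-separated `h=` tag in the key record is assumed here as RFC 6376 later specified it; the draft-00 text itself is not on this page, and all record values are constructed placeholders.

```python
import re

# Constructed sample records for this example (placeholder key and signature
# values, not real ones); the key record carries an unknown tag "newtag".
KEY_RECORD = ("v=DKIM1; h=sha256; k=rsa; s=email; "
              "p=PLACEHOLDER_BASE64_PUBLIC_KEY; newtag=future-value")
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel; h=from:to; b=PLACEHOLDER"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to; b=PLACEHOLDER"

# tag-name = ALPHA *(ALPHA / DIGIT / "_"); folding whitespace around "=" is allowed.
TAG_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_]*)\s*=\s*(.*)$", re.DOTALL)

def parse_tags(record: str) -> dict:
    """Parse a DKIM-style tag=value list. Unknown tags are kept rather than
    rejected, which is what lets a record gain new tags without breaking
    older verifiers; a repeated tag makes the record invalid."""
    tags = {}
    for item in record.split(";"):
        item = item.strip()
        if not item:
            continue
        m = TAG_RE.match(item)
        if not m:
            raise ValueError(f"malformed tag: {item!r}")
        name, value = m.group(1), "".join(m.group(2).split())
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = value
    return tags

def signature_hash(sig_tags: dict) -> str:
    """Return the hash part of the signature's a= tag ("rsa-sha256" -> "sha256")."""
    algorithm = sig_tags.get("a", "")
    if "-" not in algorithm:
        raise ValueError(f"bad a= tag: {algorithm!r}")
    return algorithm.split("-", 1)[1]

def hash_permitted(key_tags: dict, sig_tags: dict,
                   verifier_hashes=frozenset({"sha256"})) -> bool:
    """Two allow-lists gate the hash: the verifier's own (a retired algorithm
    is refused for every key) and the key record's h= tag (assumed here to be
    colon-separated as RFC 6376 later specified; no h= means any hash the
    verifier still accepts)."""
    hash_name = signature_hash(sig_tags)
    if hash_name not in verifier_hashes:
        return False
    if "h" not in key_tags:
        return True
    return hash_name in key_tags["h"].split(":")
```

The key record's allow-list lets the signing domain retire a hash for one key, while the verifier's list retires it everywhere, so a signature naming a withdrawn algorithm fails at whichever layer catches it first.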
