[ietf-dkim] Proposal for specifying syntax and semantics for
multiple signatures
Eric Rescorla
ekr at raman.networkresonance.com
Mon Apr 3 13:14:27 PDT 2006
Douglas Otis <dotis at mail-abuse.org> writes:
> On Apr 3, 2006, at 9:53 AM, Arvel Hathcock wrote:
>
>> > 1. Whether we want to have a mechanism to let the signature survive
>> > the reordering of multiple sig headers or not. I've heard Mike and
>> > Dave say no, we don't. Is that correct?
>>
>> I've also said it's added complexity that I don't think we need.
>>
>> > 2. Whether we want to be able to detect the removal of a signature
>> > header (as perhaps in the case of a "stronger" one and leaving a
>> > "weaker" one). I think the consensus is that we don't care about
>> > this; I'd like to confirm that.
>>
>> Right, we don't care about that.
>
> Email can not easily negotiate these algorithms. Are you expecting
> to sign messages differently for each recipient?
>
> A verifier must be able to detect when a stronger signature has been
> removed when two signatures are offered. Without this ability to
> detect such a removal, all verifiers and senders will remain at risk
> to a downgrade attack during perhaps a _very_ long algorithm
> transition period. It requires very little to repair this problem at
> the outset.
Sorry, I still don't understand what the purpose or impact of this
attack is. Can you explain?
-Ekr
More information about the ietf-dkim
mailing list