[ietf-dkim] draft-ietf-dkim-threats-02 nit//Permitted and preferred algorithms.

Stephen Farrell stephen.farrell at cs.tcd.ie
Thu Apr 6 12:13:52 PDT 2006


Doug,

We're done with that document. We had the WG last call.
It's finished. Unless something REALLY BIG turns up, but
that's always true.

*If* the document editor wants to make innocuous changes
during AUTH-48, that'd be ok. I'll leave it to Jim to
figure if this is one such or not. These are not IMO
REALLY BIG issues.

For the rest of us - let's get on to discussing the base
draft (unless someone wants to be left behind haggling
over threats wordsmithing:-)

Regards,
Stephen.

PS: Same response to the mails sent to ietf-discuss!

Douglas Otis wrote:
> 
> ,---
> | 4.1.14.  Cryptographic Weaknesses in Signature Generation
> |
> | The message signature system must be designed to support multiple
> | signature and hash algorithms, and the signing domain must be able to
> | specify which algorithms it uses to sign messages.  The choice of
> | algorithms must be published in key records, rather than in the
> | signature itself, to ensure that an attacker is not able to create
> | signatures using algorithms weaker than the domain wishes to permit.
> '___
> 
> This leaves out the "bid-down" concern.
> 
> Change to:
> 
> : The message signature system must be designed to support multiple
> : signature and hash algorithms, and the signing domain must be able to
> : specify which algorithms it uses to sign messages.  The choice of
> : algorithms as well as the preferred algorithm offered when multiple
> : signatures are added to a message must be published in key records,
> : rather than in just the signature itself, to ensure that an
> : attacker is not able to create signatures using algorithms weaker than
> : the domain prefers or wishes to permit.
> 
> -Doug
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html
> 
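
The key-record check that the quoted 4.1.14 text calls for, as an added example that is not part of the original thread or of any DKIM implementation. It assumes the k= (key type, default rsa) and h= (colon-separated acceptable hashes, default all) key-record tags as later defined in RFC 6376; the function names and sample records are constructed for illustration.

```python
# Added illustration: a verifier accepts a signature only if the algorithm in
# its a= tag is one the signing domain published in the key record.

def parse_tags(record):
    """Parse a DKIM tag=value list ("a=rsa-sha256; d=example.com") into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags


def algorithm_permitted(signature_header, key_record):
    """Return (ok, reason) for the signature's a= tag checked against the key record."""
    sig = parse_tags(signature_header)
    key = parse_tags(key_record)
    sig_alg = sig.get("a", "").lower()
    if "-" not in sig_alg:
        return False, "signature has no usable a= tag"
    key_type, hash_alg = sig_alg.split("-", 1)
    # k= defaults to rsa when the key record omits it.
    if key.get("k", "rsa").lower() != key_type:
        return False, "key type %r does not match the key record" % key_type
    # An absent h= means the domain has not restricted the hash algorithm.
    allowed = key.get("h")
    if allowed is not None:
        permitted = {h.lower() for h in allowed.split(":") if h}
        if hash_alg not in permitted:
            return False, "hash %r is weaker than the domain permits" % hash_alg
    return True, "ok"


# Constructed sample records (not real keys or signatures).
KEY_RECORD = "v=DKIM1; k=rsa; h=sha256; p=CONSTRUCTEDPUBLICKEY"
UNRESTRICTED_KEY = "v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel1; bh=CONSTRUCTED; b=CONSTRUCTED"
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel1; bh=CONSTRUCTED; b=CONSTRUCTED"

if __name__ == "__main__":
    for label, sig, key in [
        ("sha256 vs restricted key", SIG_SHA256, KEY_RECORD),
        ("sha1 vs restricted key", SIG_SHA1, KEY_RECORD),
        ("sha1 vs unrestricted key", SIG_SHA1, UNRESTRICTED_KEY),
    ]:
        print(label, "->", algorithm_permitted(sig, key))
```

Because the permitted list lives in the key record, which the signing domain controls, the a= value carried in the message cannot widen what the verifier accepts.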
