[ietf-dkim] #1196: Base: Upgrade indication and protection against downgrade attacks

Douglas Otis dotis at mail-abuse.org
Wed May 17 08:28:58 PDT 2006


There are two aspects not covered by this recommendation.  Rather  
than marking preferred keys with a tag, keys that are depreciated  
should be marked instead.  This inversion of the logic allows easier  
upgrading.

- When a verifier detects a signature is using a key marked as  
depreciated, it must verify the existence of an additional signature  
supported by the signing domain not marked as depreciated, and  
confirm the correspondence of the signature algorithm with that of  
the key.

- If the verifier supports the algorithm of the signature using a key  
not marked as depreciated, this signature SHOULD be used instead.

- If there are no additional signatures not marked as depreciated, or  
where the algorithm of the signature is not confirmed to correspond  
with the key, the message signature for that domain SHOULD be  
considered invalid.

-Doug
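
The verifier decision procedure proposed in the message above, as an added sketch that is not part of the original post or of any DKIM specification. The `Sig` fields, the `key_depreciated` flag (standing in for the proposed "depreciated" mark on a key) and the `evaluate` function are hypothetical, and cryptographic verification is assumed to have been done elsewhere.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sig:
    domain: str            # signing domain
    sig_alg: str           # algorithm named in the signature
    key_alg: str           # algorithm named in the retrieved key record
    key_depreciated: bool  # hypothetical flag: key is marked as depreciated
    verifies: bool         # crypto result; meaningful only if sig_alg is supported


def evaluate(sigs, domain, supported):
    """Return (verdict, signature_used) for one signing domain."""
    mine = [s for s in sigs if s.domain == domain]
    # Signatures whose key is not marked depreciated and whose algorithm
    # is confirmed to correspond with the algorithm of the key.
    current = [s for s in mine
               if not s.key_depreciated and s.sig_alg == s.key_alg]

    # Second bullet: a supported signature on a non-depreciated key is
    # used instead of any signature on a depreciated key.
    usable = [s for s in current if s.sig_alg in supported]
    if usable:
        good = [s for s in usable if s.verifies]
        return ("valid", good[0]) if good else ("invalid", usable[0])

    # First bullet: a signature on a depreciated key counts only when a
    # confirmed companion signature on a non-depreciated key is present.
    legacy = [s for s in mine
              if s.key_depreciated and s.sig_alg in supported and s.verifies]
    if legacy and current:
        return ("valid", legacy[0])

    # Third bullet: no companion, or correspondence not confirmed.
    return ("invalid", None)


# Constructed sample signatures for a constructed domain.
OLD = Sig("example.org", "rsa-sha1", "rsa-sha1", True, True)
NEW = Sig("example.org", "rsa-sha256", "rsa-sha256", False, True)
MISMATCH = Sig("example.org", "rsa-sha256", "rsa-sha1", False, True)

if __name__ == "__main__":
    both = {"rsa-sha1", "rsa-sha256"}
    print(evaluate([OLD, NEW], "example.org", both))          # valid, uses NEW
    print(evaluate([OLD, NEW], "example.org", {"rsa-sha1"}))  # valid, uses OLD
    print(evaluate([OLD], "example.org", both))               # invalid
    print(evaluate([OLD, MISMATCH], "example.org", both))     # invalid
```

The third call models the downgrade case: with the companion signature stripped, the surviving signature on the depreciated key is rejected even though it verifies.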



