[ietf-dkim] draft-ietf-dkim-base-02 //Deprecating keys and
dotis at mail-abuse.org
Thu May 25 07:03:24 PDT 2006
On Thu, 2006-05-25 at 09:29 -0400, Russ Housley wrote:
> [As an individual contributor]
> I assume that the "deprecated keys" are stored in the DNS. If so,
> the algorithm is an attribute of the key stored in the DNS.
> The "Other Algorithms" section seems like an odd place in the
> document to talk about the mechanism for deprecating keys.
> If the DNS contains two keys and one is deprecated and the other is
> not, then the verifier should only make use of the non-deprecated
> key, regardless of the algorithm associated with each of the keys.
During a transition, many verifiers will not recognize a newer
algorithm. Many signing domains will not wish to appear to offer no
signatures, as would occur during such an abrupt transition without two
signatures being usable. When there is a deprecated key algorithm, the
verifier must not ignore all unknown algorithms, but instead must verify
that a non-deprecated key algorithm is being offered by the signing
domain, even when the algorithm may be unimplemented by the verifier.
This check prevents algorithm spoofing.
This text allows the use of the deprecated signature only when the other
signature is not implemented:
: Verifiers MUST also ignore signatures referencing "deprecated" keys
: when a different signature from the signing domain is found offering
: an implemented algorithm referencing a key not marked as "deprecated."
> At 09:29 PM 5/24/2006, Douglas Otis wrote:
> >|3.3.3 Other algorithms
> >| Other algorithms MAY be defined in the future. Verifiers MUST ignore
> >| any signatures using algorithms that they do not understand.
> >Change to:
> >: Other algorithms MAY be defined in the future. Unless there is a
> >: signature from a signing domain marked as "deprecated", verifiers
> >: MUST ignore signatures indicating unimplemented algorithms.
> >: Signatures referencing "deprecated" keys must be considered invalid
> >: without the presence of signature from the same signing domain
> >: referencing a key not marked as "deprecated", also supporting the
> >: indicated algorithm. Verifiers MUST also ignore signatures
> >: referencing "deprecated" keys when a different signature from the
> >: signing domain is found offering an implemented algorithm referencing
> >: a key not marked as "deprecated."
More information about the ietf-dkim