[ietf-dkim] Base-02 //Deprecated Signature Version & New List
Douglas Otis
dotis at mail-abuse.org
Thu Jun 22 15:25:23 PDT 2006
On Jun 22, 2006, at 2:21 PM, Stephen Farrell wrote:
>
>
> Douglas Otis wrote:
>> On Jun 22, 2006, at 10:45 AM, Eric Allman wrote:
>>> There are many reasons I don't like this proposal. Let me start
>>> with the easily fixed ones:
>>>
>>> (1) Overloading existing tags to add new functionality is absurd.
>>> Adding "d" to the end of the version has nothing to do with the
>>> version;
>
> Eric's right there IMO.
>
> >> (3) Wasn't the issue of downgrade attacks discussed in Dallas and
> >> resolved on the list? In specific, it was issue 1196 (Upgrade
> >> indication and protection against downgrade attacks). As near as
> >> I can tell, the exact same issues that Doug is raising were discussed
> >> in this issue, and a frankly much more elegant approach was proposed.
> >> Why is this issue alive again?
> >
> > This issue still needs review.
>
> We have consensus that 1196 [1] is closed. One voice doesn't change
> that.
>
> Stephen.
>
> [1] https://rt.psg.com/Ticket/Display.html?id=1196
There remains the issue describing a deprecated algorithm as being
ignored, which is identical to treatments for obsolete algorithms
(signature versions). Perhaps there could be a few minutes placed on
the agenda to allow an attempt to explain why this could become a
problem. The solution could be as simple as defining an optional c=
tag (concurrent requirement) in the key.
-Doug