[ietf-dkim] The key record upgrade attack
phoffman at proper.com
Fri Aug 4 10:17:46 PDT 2006
At 10:04 AM -0700 8/4/06, Hallam-Baker, Phillip wrote:
>Fortunately there is no conflict here.
>If you consider RSA1024 secure and you find a valid RSA1024
>signature on the message then you are done.
>If on the other hand you only find an RSA1024 signature and you have
>reason to consider RSA1024 less than satisfactory you MAY decide to
>take a look at the policy record to see if there should also be a
>signature that offers stronger semantics.
That's not what Doug said. He said:
> > >During a transition, it would be important to communicate
>> what will be
>> >offered and what has been deprecated. Then these options MUST be
>> >available or the related signatures MUST be ignored.
I specifically object to the last three words.
More information about the ietf-dkim