[ietf-dkim] New IANA considerations: standards track or just RFC?
fenton at cisco.com
Wed Jan 24 18:29:29 PST 2007
Jon Callas wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Jan 23, 2007, at 4:21 PM, Jim Fenton wrote:
>> I generally agree with "RFC only", but haven't thought about all
>> eight of the registries that -base asks to have created. It's not
>> clear that we want to do this with all of them. For example, we
>> might want to set a higher bar for the signature or hash algorithm
>> than for creation of a new signature tag.
> To be something of a devil's advocate on this, why? A nice property
> of signatures is that there is pressure on the verifier either to
> create them maximally interoperably, or accept that some people won't
> be able to verify them.
> As a verifier, if I start seeing signatures with a hash that I don't
> speak (or think is not secure), I just consider the message to be
> unsigned or bogusly signed. No problem.
Thanks, Paul, John, Scott, Arvel, Jon, and Phill (did I miss anyone?).
I have to agree with the logic that you presented, that the namespace
isn't constrained, and even for such things as hash and signature
algorithms the registry isn't the place to make sure people make good
choices. Let's use "RFC only" for everything. It was worthwhile (for
me, anyway) to have talked that through.
More information about the ietf-dkim