1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks)
Michael Thomas
mike at mtcc.com
Mon Feb 26 09:02:18 PST 2007
Douglas Otis wrote:
> You receive a message where the signer has indicated that sha256 has
> been deprecated, or perhaps the original signature association scheme
> has been deprecated, or perhaps the canonicalization algorithm has been
> deprecated. To permit a graceful transition, both the deprecated
> algorithm (whatever that might be) and some shiny new algorithm must now
> be included with the message. Once your verifier adopts the shiny new
> algorithm, both you and the sender have obtained a higher level of
> protection not vulnerable to downgrade attack. This protection depends
> upon a means for the signer to assert which algorithm is deprecated, and
> what shiny new algorithm is being offered.
Phill -- do you agree with this?
At least I can see the potential issue here.
Mike
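
The verifier-side decision described in the quoted text, as an added example that is not part of the original message or of any DKIM specification. The `SignerPolicy` record, the verdict strings and the algorithm name `new-alg` are hypothetical; the thread does not define how a signer would publish the assertion, and the cryptographic verification itself is assumed to happen elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignerPolicy:
    # Hypothetical signer assertion: which algorithms the signer has
    # deprecated and which replacement(s) it now also signs with.
    deprecated: frozenset
    offered: frozenset

@dataclass(frozen=True)
class SigResult:
    algorithm: str   # algorithm named in one signature on the message
    valid: bool      # outcome of the cryptographic check (done elsewhere)

def evaluate(results, policy, supported):
    """Decide how to treat a message carrying one or more signatures.

    results   -- SigResult for every signature found on the message
    policy    -- the signer's deprecation assertion
    supported -- algorithms this verifier implements
    """
    usable = {r.algorithm for r in results
              if r.valid and r.algorithm in supported}
    if usable - policy.deprecated:
        # At least one valid signature uses a non-deprecated algorithm.
        return "pass"
    if usable & policy.deprecated:
        if supported & policy.offered:
            # This verifier could have checked the replacement algorithm,
            # but only the deprecated signature verified: the stronger
            # signature is missing or broken, so treat it as a downgrade.
            return "fail-downgrade"
        # Verifier has not adopted the replacement yet: graceful transition.
        return "pass-deprecated"
    return "fail"

# Constructed sample data: a signer that deprecated rsa-sha256.
POLICY = SignerPolicy(frozenset({"rsa-sha256"}), frozenset({"new-alg"}))
UPGRADED = frozenset({"rsa-sha256", "new-alg"})
LEGACY = frozenset({"rsa-sha256"})
BOTH = [SigResult("rsa-sha256", True), SigResult("new-alg", True)]
STRIPPED = [SigResult("rsa-sha256", True)]  # replacement signature absent

if __name__ == "__main__":
    print(evaluate(BOTH, POLICY, UPGRADED))      # upgraded verifier, both signatures
    print(evaluate(STRIPPED, POLICY, UPGRADED))  # upgraded verifier, old signature only
    print(evaluate(BOTH, POLICY, LEGACY))        # legacy verifier during transition
```
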