[ietf-dkim] Re: 1368 straw-poll

Mark Delany markd+dkim at yahoo-inc.com
Mon Feb 26 09:22:36 PST 2007


Dave Crocker wrote:

> The proposed mechanism incurs an additional lookup for every signed 
> message.

Whatever algorithm policy you embed in a separate SSP can just as easily 
be embedded in the Selector of the weakened key.

But maybe that just means I don't get any of the discussion about 
downgrade attacks or weakened keys needing a separate SSP. As others
have said, TTLs are irrelevant because they are always going to be many
orders of magnitude smaller than the response time of human
administrators. Heck, most administrators haven't even heard of DKIM, let
alone the discovery of any algorithmic weakness.

I was under the impression that a separate SSP can only add value for 
domains *not* verified by the signature.


Mark.
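
An added illustration, not part of the original message: the DKIM key record that a Selector points to has an optional h= tag listing acceptable hash algorithms, so a verifier can apply algorithm policy from the key lookup it already performs. Reading the post's "embedded in the Selector" as this h= tag is an assumption; the record and signature values below are constructed.

```python
# Added example; all record and signature values are constructed samples.

def parse_tags(value):
    """Parse a DKIM tag=value list (key record or DKIM-Signature) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # skip empty trailing segments
        name, _, val = part.partition("=")
        tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def algorithm_allowed(key_record, signature_header):
    """Return (ok, reason): does the selector's key record permit the
    algorithm named in the signature's a= tag?"""
    key = parse_tags(key_record)
    sig = parse_tags(signature_header)
    if key.get("p", "") == "":
        return False, "key revoked or missing (empty p=)"
    key_type, _, hash_name = sig.get("a", "").partition("-")
    if not hash_name:
        return False, "malformed a= tag"
    if key_type != key.get("k", "rsa"):  # k= defaults to rsa
        return False, "key type mismatch"
    allowed = key.get("h")  # absent h= means every hash is acceptable
    if allowed is not None and hash_name not in allowed.split(":"):
        return False, f"hash {hash_name} not permitted by selector"
    return True, "ok"


# Constructed selector records: one restricts hashes, one does not, one is revoked.
RESTRICTED_KEY = "v=DKIM1; k=rsa; h=sha256; p=MIGfCONSTRUCTEDKEY"
OPEN_KEY = "v=DKIM1; k=rsa; p=MIGfCONSTRUCTEDKEY"
REVOKED_KEY = "v=DKIM1; k=rsa; p="

# Constructed signature headers differing only in a=.
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel2007; bh=AAAA=; b=BBBB="
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel2007; bh=AAAA=; b=BBBB="

if __name__ == "__main__":
    for key in (RESTRICTED_KEY, OPEN_KEY, REVOKED_KEY):
        for sig in (SIG_SHA1, SIG_SHA256):
            print(key, "|", parse_tags(sig)["a"], "->", algorithm_allowed(key, sig))
```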

