[ietf-dkim] Re: 1368 straw-poll

Dave Crocker dhc at dcrocker.net
Mon Feb 26 10:56:01 PST 2007



Paul Hoffman wrote:
> At 10:10 AM -0800 2/26/07, Dave Crocker wrote:
>> Paul Hoffman wrote:
>>> At 8:48 AM -0800 2/26/07, Dave Crocker wrote:
>>>> The proposed mechanism incurs an additional lookup for every signed 
>>>> message.
>>>
>>> You keep saying this without justifying it. Others have shown it to 
>>> be wrong. Please stop repeating it or support your statement.
>>
>> Actually, they haven't.
> 
> Well, at least I have. If a recipient gets a message with a valid 
> signature, they never need to look up an SSP record. That refutes your 
> statement pretty fully, doesn't it?

I have no idea.

The discussion is about algorithm transitions.  Those aren't interesting 
things to talk about unless there is a signature.  My understanding of the 
current topic is that it pertains to an SSP query that is only worth making 
when there is a signature.

Some of the discussion seems to be about having a signature that is valid but 
not "strong enough".  That might not be a scenario that you have in mind, but 
it sure seems to be one that is being discussed.

If there are no valid signatures, then I do not see how it is relevant to talk 
about algorithm agility.

All of which suggests that we have a few people who each feel they have a 
clear and solid understanding of the topic, but not necessarily that they 
share the same clear and solid understanding.

It further leaves out poor folk like me, whose only clear and solid 
understanding is that I have no clear or solid understanding of the problem 
that is claimed to be solved or why the problem is worth solving.


>> Were DKIM intended to have signatures that lasted years, that might 
>> make sense.  Since it isn't, I am pretty sure it doesn't.
> 
> And you would be wrong. If I am signing a message with both A and B, it 
> doesn't matter how long the key for each signature lasts; the transition 
> lasts for as long as I am using both algorithms. This is no different 
> than any other security protocol.

It does if the entire premise for a signature is that it is very short-lived, 
because it means that a transition can -- and should -- be targeted also to be 
short-lived for a given signer.

That is, indeed, very different from other security protocols.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

