1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario
7: Cryptographic Upgrade and Downgrade Attacks)
John R Levine
johnl at iecc.com
Mon Feb 26 23:56:49 PST 2007
>> This protection depends upon a means for the signer to assert which
>> algorithm is deprecated, and what shiny new algorithm is being offered.
Wearing, as usual, my receiver hat, I still don't see any reason to be
interested in random senders' opinions about the relative merits of
various algorithms.
Like I said before, let's say someone publishes SSP saying sha256 is
deprecated and rot13 is shiny and new. What should I do with that info?
Assuming we agree that it's stupid and I should ignore it, how am I
supposed to tell stupid deprecation advice from non-stupid deprecation
advice?
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.
More information about the ietf-dkim
mailing list