1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario
7: Cryptographic Upgrade and Downgrade Attacks)
Arvel Hathcock
arvel.hathcock at altn.com
Wed Feb 28 16:41:21 PST 2007
> This protection depends upon a means for the signer to assert which
> algorithm is deprecated, and what shiny new algorithm is being
> offered.
That doesn't follow at all. The *receiver* will decide what algorithms
are and are not sufficient and when to act on that decision. And
besides, the means by which a *sender* can assert which algorithm they
like is to just stop signing with the one(s) they don't. Whether and
when to do that is a decision the sender will have to make. I don't see
how policy plays a role in any of this.
I'm starting to think that I'm completely missing something fundamental.
I might need some education in Prague if folk have time.
Arvel
More information about the ietf-dkim
mailing list