[ietf-dkim] Features that could be reconsidered: sha1 vs sha256
Tony Hansen
tony at att.com
Sat May 9 17:49:44 PDT 2009
Regarding the use of sha1 vs. sha256, I did a search of messages I've
collected in the past few years that have dkim signatures.
2008 rsa-sha1 1016
2008 rsa-sha256 1525
2009 rsa-sha1 1983
2009 rsa-sha256 1932
These are just messages that have arrived in my inbox. It's just a data
point.
Regarding Steve Atkin's suggested reworded text:
"Verifiers MUST support rsa-sha256 and MAY support rsa-sha1.
Signers SHOULD sign using rsa-sha256 and SHOULD NOT sign using
rsa-sha1." might provide enough wiggle room to allow existing code
time to migrate away from SHA1.
I'm not sure we can downgrade verifier support for sha1. However, I
definitely agree that we could downgrade signing support for sha1.
Tony Hansen
tony at att.com
More information about the ietf-dkim
mailing list