[ietf-dkim] RFC4871bis - whether to drop -- k: Key type
Douglas Otis
dotis at mail-abuse.org
Tue Jun 2 11:43:23 PDT 2009
On Jun 2, 2009, at 11:29 AM, Dave Crocker wrote:

> There are much easier ways to do a dos attack.

IIRC, this feature was intended to reduce the number of unsupported
algorithms that might be otherwise accepted because the algorithm was
not yet adopted by the receiver.

Unless the key indicates rsa-md6 for example, then accepting messages
that do not verify because MD6 is not yet supported by the receiver
would not be given a pass because the DKIM key did not indicate the
domain uses MD6.

This is not about DoS avoidance, although this might be one of the
benefits. This is about algorithm agility.

-Doug
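
The check discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: a receiver compares the signature's `a=` tag against the key record's `k=` and `h=` tags (RFC 4871 tag names) before deciding how to treat an algorithm it does not implement. The `md6` hash name, the result labels and the sample records are assumptions constructed for illustration.

```python
# Added illustration. Tag names (a=, k=, h=) are from RFC 4871; "md6" is the
# hypothetical algorithm from the message, and the result labels are this example's own.
SUPPORTED = {("rsa", "sha1"), ("rsa", "sha256")}  # what this receiver implements

def parse_tags(text):
    """Parse a 'tag=value; tag=value' list into a dict, dropping whitespace in values."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def classify(sig_header, key_record):
    """Decide how to treat a signature from its a= tag and the published key record."""
    sig, key = parse_tags(sig_header), parse_tags(key_record)
    alg = sig.get("a", "").lower()
    if "-" not in alg:
        return "permfail: malformed a="
    key_type, hash_alg = alg.split("-", 1)
    # k= defaults to "rsa" when absent from the key record.
    if key.get("k", "rsa").lower() != key_type:
        return "permfail: inappropriate key algorithm"
    # h= is a colon-separated list; when absent, every hash algorithm is allowed.
    if "h" in key:
        allowed = {h.lower() for h in key["h"].split(":")}
        if hash_alg not in allowed:
            return "permfail: inappropriate hash algorithm"
    # The domain does declare this algorithm; the receiver just cannot check it yet.
    if (key_type, hash_alg) not in SUPPORTED:
        return "unsupported: cannot verify"
    return "verify"

# Constructed sample data (not taken from real mail or DNS).
SIG_MD6 = "v=1; a=rsa-md6; d=example.com; s=sel1"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel1"
KEY_SHA256_ONLY = "v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDER"
KEY_WITH_MD6 = "v=DKIM1; k=rsa; h=sha256:md6; p=PLACEHOLDER"
KEY_NO_H = "v=DKIM1; p=PLACEHOLDER"

if __name__ == "__main__":
    for key in (KEY_SHA256_ONLY, KEY_WITH_MD6, KEY_NO_H):
        print(key, "->", classify(SIG_MD6, key))
```

Only the first key record lets the receiver reject the `rsa-md6` signature outright; with no `h=` restriction the receiver cannot tell an unadopted algorithm from a bogus one.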