[ietf-dkim] RFC4871bis - whether to drop -- h: Acceptable hash algorithms
Murray S. Kucherawy
msk at cloudmark.com
Thu Jun 4 14:55:28 PDT 2009
> >> TXT RR tags
> >>
> >> h: Acceptable hash algorithms
> >>
> >> The spec needs to define the supported set of hash algorithms. There
> >> may be some value in a signer being able to state that they're using
> >> an algorithm that isn't supported, perhaps.
> >>
> >> But unless there is a viable attack such that an attacker can craft a
> >> message that validates correctly against the domain owner public key
> >> using a hash supported by the spec (sha1 or sha256), without access
> >> to the domain owners private key, then there's no need for this to be in
> >> the TXT record.
>
> I agree that there's no need for that to be in a TXT record.
If a site wanted to revoke instantly any signature previously generated with rsa-craphash, couldn't it just revoke its old keys and generate new keys, and begin signing with rsa-goodhash?
What's the advantage of having a mechanism to disallow future verifications using a particular hash without just changing the keys you're using? Both times you have to touch DNS and reconfigure your signers, so I don't see that leaving "h=" in there gives you anything you can't already do some other way.
More information about the ietf-dkim
mailing list