From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Sat, 03 Jun 2017 14:02:13 -0400
Message-ID: <1870784.2tGGxD3xed@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-119-generic; KDE/4.13.3; x86_64; ; )
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="nextPart1965194.WfSBeShprZ"
Content-Transfer-Encoding: 7Bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/G1fcOKVbj_RaPHzsDkcbwVtSEOI>
Subject: [Dcrup] Work on draft-ietf-dcrup-dkim-usage
List-Id: DKIM Crypto Update <dcrup.ietf.org>

This is a multi-part message in MIME format.

--nextPart1965194.WfSBeShprZ
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

I have locally updated the draft based on my interpretation of the discussion 
on the list.  Rfcdiff attached.

Added an informative reference to the US-CERT vulnerability report on this 
issue.
Added updates to header field and key records that I missed in my first draft.

Also, I forgot to mention before that, since all the cool kids are doing it, I 
put this up on my github account.  This is, of course, in no way officially 
anything at all.  It's only a way for me to keep track of changes.

https://github.com/kitterma/draft-ietf-dcrup-dkim-usage

I did not take on the question of adding key sizes to the IANA registry for 
several reasons:

1.  Adding it at all is somewhat controversial and I'm hoping to limit the 
controversy in this particular document so we can get it done.  I view this 
document as the minimum update to RFC 6376 required to update DKIM to remove 
known insecure things.  An IANA registry doesn't affect that.

2.  Different types of algorithms have widely different key size requirements, 
so I don't believe we will really know what such a registry would need to look 
like until after we've finished working through questions about what is the 
next generation DKIM algorithm going to be.  Making a registry now would mean 
we might need to redo it later.  Let's do it once, if we are going to do it at 
all.

3.  There is some nuance about key size rules that I'm not sure how to fit 
into an IANA registry.

One other thing that perhaps should go into this draft is more on Security 
Considerations.  If you look at the Security Considerations in RFC 6376, it 
does not mention risks associated with using an obsolete hash algorithm or a 
key that is too small.  Adding a new security consideration as an "update" to 
RFC 6376 that describes the problem this draft is solving might be a good 
thing?

As revisions are cheap, unless someone objects, I'll go ahead and post this 
(or something similar based on feedback) soon.

Scott K
--nextPart1965194.WfSBeShprZ
Content-Disposition: attachment;
 filename="draft-ietf-dcrup-dkim-usage-from--00.diff.html"
Content-Transfer-Encoding: 7Bit
Content-Type: text/html; charset="UTF-8";
 name="draft-ietf-dcrup-dkim-usage-from--00.diff.html"

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<!-- Generated by rfcdiff 1.41: rfcdiff  --> 
<html> 
<head> 
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
  <meta http-equiv="Content-Style-Type" content="text/css" /> 
  <title>Diff: draft-ietf-dcrup-dkim-usage-00.txt - draft-ietf-dcrup-dkim-usage.txt</title> 
  <style type="text/css"> 
    body    { margin: 0.4ex; margin-right: auto; } 
    tr      { } 
    td      { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;} 
    th      { font-size: 0.86em; } 
    .small  { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; } 
    .left   { background-color: #EEE; } 
    .right  { background-color: #FFF; } 
    .diff   { background-color: #CCF; } 
    .lblock { background-color: #BFB; } 
    .rblock { background-color: #FF8; } 
    .insert { background-color: #8FF; } 
    .delete { background-color: #ACF; } 
    .void   { background-color: #FFB; } 
    .cont   { background-color: #EEE; } 
    .linebr { background-color: #AAA; } 
    .lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; } 
    .elipsis{ background-color: #AAA; } 
    .left .cont { background-color: #DDD; } 
    .right .cont { background-color: #EEE; } 
    .lblock .cont { background-color: #9D9; } 
    .rblock .cont { background-color: #DD6; } 
    .insert .cont { background-color: #0DD; } 
    .delete .cont { background-color: #8AD; } 
    .stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; } 
  </style> 
</head> 
<body > 
  <table border="0" cellpadding="0" cellspacing="0"> 
  <tr bgcolor="orange"><th></th><th>&nbsp;draft-ietf-dcrup-dkim-usage-00.txt&nbsp;</th><th> </th><th>&nbsp;draft-ietf-dcrup-dkim-usage.txt&nbsp;</th><th></th></tr> 
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Network Working Group                                       S. Kitterman</td><td> </td><td class="right">Network Working Group                                       S. Kitterman</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft                              Kitterman Technical Services</td><td> </td><td class="right">Internet-Draft                              Kitterman Technical Services</td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0001" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">Updates: 6376 (if approved)                                 <span class="delete">May 30</span>, 2017</td><td> </td><td class="rblock">Updates: 6376 (if approved)                                 <span class="insert">June 3</span>, 2017</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Intended status: Standards Track</td><td> </td><td class="right">Intended status: Standards Track</td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0002" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">Expires: December <span class="delete">1</span>, 2017</td><td> </td><td class="rblock">Expires: December <span class="insert">5</span>, 2017</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">             Cryptographic Algorithm and Key Usage to DKIM</td><td> </td><td class="right">             Cryptographic Algorithm and Key Usage to DKIM</td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0003" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">                     draft-ietf-dcrup-dkim-usage-0<span class="delete">0</span></td><td> </td><td class="rblock">                     draft-ietf-dcrup-dkim-usage-0<span class="insert">1</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   The cryptographic algorithm and key size requirements included when</td><td> </td><td class="right">   The cryptographic algorithm and key size requirements included when</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   DKIM was designed in the last decade are functionally obsolete and in</td><td> </td><td class="right">   DKIM was designed in the last decade are functionally obsolete and in</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   need of immediate revision.  This document updates DKIM requirements</td><td> </td><td class="right">   need of immediate revision.  This document updates DKIM requirements</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   to those minimaly suitable for operation with currently specified</td><td> </td><td class="right">   to those minimaly suitable for operation with currently specified</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   algorithms.  This document updates RFC 6376.</td><td> </td><td class="right">   algorithms.  This document updates RFC 6376.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Status of This Memo</td><td> </td><td class="right">Status of This Memo</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
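Review bot: the Abstract carried into the -01 side still reads "minimaly suitable for operation"; since this revision already touches the date, expiry and version lines above it, correct the spelling to "minimally" in the same pass. The title line "Cryptographic Algorithm and Key Usage to DKIM" also reads as if a word is missing before "to DKIM" and is worth checking against the intended title.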
      <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 1, line 35</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 1, line 35</em></th><td></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right">   Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Task Force (IETF).  Note that other groups may also distribute</td><td> </td><td class="right">   Task Force (IETF).  Note that other groups may also distribute</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   working documents as Internet-Drafts.  The list of current Internet-</td><td> </td><td class="right">   working documents as Internet-Drafts.  The list of current Internet-</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Drafts is at http://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right">   Drafts is at http://datatracker.ietf.org/drafts/current/.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right">   Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right">   and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   time.  It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right">   time.  It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   material or to cite them other than as "work in progress."</td><td> </td><td class="right">   material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0004" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   This Internet-Draft will expire on December <span class="delete">1</span>, 2017.</td><td> </td><td class="rblock">   This Internet-Draft will expire on December <span class="insert">5</span>, 2017.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Copyright (c) 2017 IETF Trust and the persons identified as the</td><td> </td><td class="right">   Copyright (c) 2017 IETF Trust and the persons identified as the</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   document authors.  All rights reserved.</td><td> </td><td class="right">   document authors.  All rights reserved.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right">   This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Provisions Relating to IETF Documents</td><td> </td><td class="right">   Provisions Relating to IETF Documents</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   (http://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right">   (http://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   publication of this document.  Please review these documents</td><td> </td><td class="right">   publication of this document.  Please review these documents</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
      <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 2, line 24</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 2, line 24</em></th><td></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Table of Contents</td><td> </td><td class="right">Table of Contents</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2</td><td> </td><td class="right">   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   2.  Conventions Used in This Document . . . . . . . . . . . . . .   3</td><td> </td><td class="right">   2.  Conventions Used in This Document . . . . . . . . . . . . . .   3</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   3.  DKIM Signing and Verification Algorithms  . . . . . . . . . .   3</td><td> </td><td class="right">   3.  DKIM Signing and Verification Algorithms  . . . . . . . . . .   3</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">     3.1.  The rsa-sha1 Signing Algorithm  . . . . . . . . . . . . .   3</td><td> </td><td class="right">     3.1.  The rsa-sha1 Signing Algorithm  . . . . . . . . . . . . .   3</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">     3.2.  The rsa-sha256 Signing Algorithm  . . . . . . . . . . . .   3</td><td> </td><td class="right">     3.2.  The rsa-sha256 Signing Algorithm  . . . . . . . . . . . .   3</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">     3.3.  Key Sizes . . . . . . . . . . . . . . . . . . . . . . . .   3</td><td> </td><td class="right">     3.3.  Key Sizes . . . . . . . . . . . . . . . . . . . . . . . .   3</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">     3.4.  Other Algorithms  . . . . . . . . . . . . . . . . . . . .   4</td><td> </td><td class="right">     3.4.  Other Algorithms  . . . . . . . . . . . . . . . . . . . .   4</td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0005" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4</td><td> </td><td class="rblock">   4.  <span class="insert">The DKIM-Signature Header Field . . . . . . . . . . . . . . .   4</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   <span class="delete">5.</span>  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   <span class="delete">4</span></td><td> </td><td class="rblock"><span class="insert">   5.  Key Management and Representation . . . . . . . . . . . . . .   4</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">     5.1.</span>  DKIM Hash Algorithms  . . . . . . . . . . . . . . . . . .   <span class="delete">4</span></td><td> </td><td class="rblock"><span class="insert">   6.</span>  Security Considerations . . . . . . . . . . . . . . . . . . .   4</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">   6.</span>  Normative References  . . . . . . . . . . . . . . . . . . . .   <span class="delete">4</span></td><td> </td><td class="rblock">   <span class="insert">7.</span>  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   <span class="delete">5</span></td><td> </td><td class="rblock"><span class="insert">     7.1.</span>  DKIM Hash Algorithms  . . . . . . . . . . . . . . . . . .   <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   <span class="delete">5</span></td><td> </td><td class="rblock"><span class="insert">   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">     8.1.</span>  Normative References  . . . . . . . . . . . . . . . . . .   <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">     8.2.  Informative References</span>  . . <span class="insert">. . . . . . . . . . . . . . .   5</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .   <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">1.  Introduction</td><td> </td><td class="right">1.  Introduction</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Discussion Venue:    Discussion about this draft is directed to the</td><td> </td><td class="right">   Discussion Venue:    Discussion about this draft is directed to the</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">      dcrup@ietf.org [1] mailing list.</td><td> </td><td class="right">      dcrup@ietf.org [1] mailing list.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   DKIM [RFC6376] signs e-mail messages, by creating hashes of the</td><td> </td><td class="right">   DKIM [RFC6376] signs e-mail messages, by creating hashes of the</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   message headers and content and signing the header hash with a</td><td> </td><td class="right">   message headers and content and signing the header hash with a</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   digital signature.  Message recipients fetch the signature</td><td> </td><td class="right">   digital signature.  Message recipients fetch the signature</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   verification key from the DNS where it is stored in a TXT record.</td><td> </td><td class="right">   verification key from the DNS where it is stored in a TXT record.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   The defining documents specify a single signing algorithm, RSA</td><td> </td><td class="right">   The defining documents specify a single signing algorithm, RSA</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC8017], and recommends key sizes of 1024 to 2048 bits (but require</td><td> </td><td class="right">   [RFC8017], and recommends key sizes of 1024 to 2048 bits (but require</td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0006" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   verification of 512 bit keys).  While 1024 bit signatures are common,</td><td> </td><td class="rblock">   verification of 512 bit keys).  <span class="insert">As discussed in US-CERT VU#268267</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   stronger signatures are not.  Widely used DNS configuration software</td><td> </td><td class="rblock"><span class="insert">   [VULNOTE], the operational community has recognized that shorter keys</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   places a practical limit on key sizes, because the software only</td><td> </td><td class="rblock"><span class="insert">   compromise the effectiveness of DKIM.</span>  While 1024 bit signatures are</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">   handles a single 256 octet string in a TXT record, and RSA keys</td><td> </td><td class="rblock">   common, stronger signatures are not.  Widely used DNS configuration</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">   software places a practical limit on key sizes, because the software</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">   only handles a single 256 octet string in a TXT record, and RSA keys</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   longer than 1024 bits don't fit in 256 octets.</td><td> </td><td class="right">   longer than 1024 bits don't fit in 256 octets.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">2.  Conventions Used in This Document</td><td> </td><td class="right">2.  Conventions Used in This Document</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",</td><td> </td><td class="right">   The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and</td><td> </td><td class="right">   "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   "OPTIONAL" in this document are to be interpreted as described in</td><td> </td><td class="right">   "OPTIONAL" in this document are to be interpreted as described in</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC2119].</td><td> </td><td class="right">   [RFC2119].</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">3.  DKIM Signing and Verification Algorithms</td><td> </td><td class="right">3.  DKIM Signing and Verification Algorithms</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
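Review bot: the sentence added to the Introduction says "shorter keys compromise the effectiveness of DKIM" without saying shorter than what, although the sentence before it names three sizes (512, 1024 and 2048 bits). State which key sizes the [VULNOTE] reference is meant to cover so the reader can tell whether the 1024 bit keys described as common in the next sentence are included. In the same paragraph, "The defining documents specify ... and recommends ... (but require" mixes singular and plural verbs and could be fixed while the text is being reflowed.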
      <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 4, line 23</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 4, line 23</em></th><td></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   o  The security goals of DKIM,[RFC6376], are modest compared to</td><td> </td><td class="right">   o  The security goals of DKIM,[RFC6376], are modest compared to</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">      typical goals of other systems that employ digital signatures</td><td> </td><td class="right">      typical goals of other systems that employ digital signatures</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   See [RFC3766] for further discussion on selecting key sizes.</td><td> </td><td class="right">   See [RFC3766] for further discussion on selecting key sizes.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">3.4.  Other Algorithms</td><td> </td><td class="right">3.4.  Other Algorithms</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Other algorithms will be defined in the future.  Verifiers MUST</td><td> </td><td class="right">   Other algorithms will be defined in the future.  Verifiers MUST</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   ignore any signatures using algorithms that they do not implement.</td><td> </td><td class="right">   ignore any signatures using algorithms that they do not implement.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0007" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock">4.  <span class="delete">Security Considerations</span></td><td> </td><td class="rblock">4.  <span class="insert">The DKIM-Signature Header Field</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   This section updates the a= tag in [RFC6376] Section 3.5.</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0008" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">   <span class="insert">The text description of the tag is now:</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   a=    The algorithm used to generate the signature (plain-text;</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         REQUIRED).  Verifiers MUST support "rsa-sha256"; Signers MUST</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         sign using "rsa-sha256".  See [RFC6376] Section 3.3 (as updated</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         by this document) for a description of the algorithms.</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   The following ABNF element is updated:</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         ABNF:</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         sig-a-tag-h     = "sha256" / x-sig-a-tag-h</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">5.  Key Management and Representation</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   This section updates the h= tag in [RFC6376] Section 3.6.1.</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   The following ABNF element is updated:</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         ABNF:</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">         key-h-tag-alg   = "sha256" / x-key-h-tag-alg</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">6.  Security Considerations</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   This document does not change the Security Considerations of</td><td> </td><td class="right">   This document does not change the Security Considerations of</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC6376].  It reduces the risk of signature compromise due to weak</td><td> </td><td class="right">   [RFC6376].  It reduces the risk of signature compromise due to weak</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   cryptography.</td><td> </td><td class="right">   cryptography.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0009" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">5</span>.  IANA Considerations</td><td> </td><td class="rblock"><span class="insert">7</span>.  IANA Considerations</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   IANA is requested to update registries as follows.</td><td> </td><td class="right">   IANA is requested to update registries as follows.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0010" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">5</span>.1.  DKIM Hash Algorithms</td><td> </td><td class="rblock"><span class="insert">7</span>.1.  DKIM Hash Algorithms</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   The following value is changed in the DKIM Hash Algorithms</td><td> </td><td class="right">   The following value is changed in the DKIM Hash Algorithms</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                   +------+-----------------+----------+</td><td> </td><td class="right">                   +------+-----------------+----------+</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                   | TYPE | REFERENCE       | STATUS   |</td><td> </td><td class="right">                   | TYPE | REFERENCE       | STATUS   |</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                   +------+-----------------+----------+</td><td> </td><td class="right">                   +------+-----------------+----------+</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                   | sha1 | (this document) | obsolete |</td><td> </td><td class="right">                   | sha1 | (this document) | obsolete |</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                   +------+-----------------+----------+</td><td> </td><td class="right">                   +------+-----------------+----------+</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">                Table 1: DKIM Hash Algorithms Changed Value</td><td> </td><td class="right">                Table 1: DKIM Hash Algorithms Changed Value</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0011" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">6.</span>  Normative References</td><td> </td><td class="rblock"><span class="insert">8.  References</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">8.1.</span>  Normative References</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td class="right">   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/</td><td> </td><td class="right">              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              RFC2119, March 1997,</td><td> </td><td class="right">              RFC2119, March 1997,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              &lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td> </td><td class="right">              &lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC3766]  Orman, H. and P. Hoffman, "Determining Strengths For</td><td> </td><td class="right">   [RFC3766]  Orman, H. and P. Hoffman, "Determining Strengths For</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              Public Keys Used For Exchanging Symmetric Keys", BCP 86,</td><td> </td><td class="right">              Public Keys Used For Exchanging Symmetric Keys", BCP 86,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              RFC 3766, DOI 10.17487/RFC3766, April 2004,</td><td> </td><td class="right">              RFC 3766, DOI 10.17487/RFC3766, April 2004,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              &lt;http://www.rfc-editor.org/info/rfc3766&gt;.</td><td> </td><td class="right">              &lt;http://www.rfc-editor.org/info/rfc3766&gt;.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
      <tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 5, line 20</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 5, line 48</em></th><td></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC6376]  Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,</td><td> </td><td class="right">   [RFC6376]  Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              "DomainKeys Identified Mail (DKIM) Signatures", STD 76,</td><td> </td><td class="right">              "DomainKeys Identified Mail (DKIM) Signatures", STD 76,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              RFC 6376, DOI 10.17487/RFC6376, September 2011,</td><td> </td><td class="right">              RFC 6376, DOI 10.17487/RFC6376, September 2011,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              &lt;http://www.rfc-editor.org/info/rfc6376&gt;.</td><td> </td><td class="right">              &lt;http://www.rfc-editor.org/info/rfc6376&gt;.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,</td><td> </td><td class="right">   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              "PKCS #1: RSA Cryptography Specifications Version 2.2",</td><td> </td><td class="right">              "PKCS #1: RSA Cryptography Specifications Version 2.2",</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              RFC 8017, DOI 10.17487/RFC8017, November 2016,</td><td> </td><td class="right">              RFC 8017, DOI 10.17487/RFC8017, November 2016,</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">              &lt;http://www.rfc-editor.org/info/rfc8017&gt;.</td><td> </td><td class="right">              &lt;http://www.rfc-editor.org/info/rfc8017&gt;.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td><a name="diff0012" /></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">8.2.  Informative References</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">   [VULNOTE]  US-CERT, "Vulnerability Note VU#268267, DomainKeys</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">              Identified Mail (DKIM) Verifiers may inappropriately</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">              convey message trust", October 2012.</span></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock">                                                                         </td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Appendix A.  Acknowledgements</td><td> </td><td class="right">Appendix A.  Acknowledgements</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   The author wishes to acknowledge the following for their review and</td><td> </td><td class="right">   The author wishes to acknowledge the following for their review and</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   constructive criticism of this proposal: TBD (surely there will be</td><td> </td><td class="right">   constructive criticism of this proposal: TBD (surely there will be</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   someone).</td><td> </td><td class="right">   someone).</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   Thanks to John Levine for draft-ietf-dcrup-dkim-crypto-00, which was</td><td> </td><td class="right">   Thanks to John Levine for draft-ietf-dcrup-dkim-crypto-00, which was</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">   the source for much of the introductory material in this draft.</td><td> </td><td class="right">   the source for much of the introductory material in this draft.</td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
      <tr><td class="lineno" valign="top"></td><td class="left">Author's Address</td><td> </td><td class="right">Author's Address</td><td class="lineno" valign="top"></td></tr>

     <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
     <tr bgcolor="gray"><th colspan="5" align="center"><a name="end">&nbsp;End of changes. 12 change blocks.&nbsp;</a></th></tr>
     <tr class="stats"><td></td><th><i>18 lines changed or deleted</i></th><th><i> </i></th><th><i>58 lines changed or added</i></th><td></td></tr>
   </table>
   </body>
   </html>

--nextPart1965194.WfSBeShprZ--
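Review bot: The new a= description in Section 4 ("Verifiers MUST support "rsa-sha256"; Signers MUST sign using "rsa-sha256"") does not say what a verifier does with a signature that carries a=rsa-sha1. Section 3.4 only covers algorithms a verifier does not implement, and the updated sig-a-tag-h keeps the x-sig-a-tag-h alternative, so an existing verifier that still implements rsa-sha1 is not told how to treat the result. Suggest stating the required verifier handling of rsa-sha1 next to the a= text, unless Section 3 already does. The same change block adds Section 5, which updates only the key-h-tag-alg ABNF: unlike Section 4 it gives no replacement text description for h=, and it does not say how a verifier treats a key record whose h= lists only sha1. Suggest adding both.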
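Review bot: In Section 7.1 the lead-in sentence "The following value is changed in the DKIM Hash Algorithms" stops before Table 1 without naming what is being changed. Suggest ending it with "registry:" so the request to IANA is unambiguous. Only the section number changes in this block, so the sentence was already incomplete in the previous revision and is worth fixing while the section is being touched.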
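Review bot: The new [VULNOTE] entry under 8.2 Informative References has no URL, while every entry under 8.1 ends with one. Suggest adding the US-CERT link for VU#268267 in the same angle-bracket form. Also check that the body actually cites [VULNOTE]: none of the changed text shown in this diff refers to it, and the Security Considerations section would be the natural place since it is where the draft says it "reduces the risk of signature compromise due to weak cryptography".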

