IETF Logo Mail Archive

[ietf-dkim] draft-ietf-dkim-threats-02 nit//Permitted and preferred algorithms.

Douglas Otis <dotis@mail-abuse.org> Thu, 06 April 2006 19:21 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FRa3F-0007B9-6p for ietf-dkim-archive@lists.ietf.org; Thu, 06 Apr 2006 15:21:53 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FRa3D-00046t-RZ for ietf-dkim-archive@lists.ietf.org; Thu, 06 Apr 2006 15:21:53 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k36J3HWj026151; Thu, 6 Apr 2006 12:03:18 -0700
Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k36J3EeT026135 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-dkim@mipassoc.org>; Thu, 6 Apr 2006 12:03:14 -0700
Received: from [168.61.10.151] (SJC-Office-DHCP-151.Mail-Abuse.ORG [168.61.10.151]) (authenticated bits=0) by a.mail.sonic.net (8.13.6/8.13.3) with ESMTP id k36J2GBB016181 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO) for <ietf-dkim@mipassoc.org>; Thu, 6 Apr 2006 12:02:39 -0700
Mime-Version: 1.0 (Apple Message framework v749.3)
Content-Transfer-Encoding: 7bit
Message-Id: <57DB790B-C4AF-4A30-846F-36BA3A07A356@mail-abuse.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
To: IETF-DKIM <ietf-dkim@mipassoc.org>
From: Douglas Otis <dotis@mail-abuse.org>
Date: Thu, 06 Apr 2006 12:03:00 -0700
X-Mailer: Apple Mail (2.749.3)
X-Songbird: Clean, Clean
Subject: [ietf-dkim] draft-ietf-dkim-threats-02 nit//Permitted and preferred algorithms.
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d

,---
| 4.1.14.  Cryptographic Weaknesses in Signature Generation
|
| The message signature system must be designed to support multiple
| signature and hash algorithms, and the signing domain must be able to
| specify which algorithms it uses to sign messages.  The choice of
| algorithms must be published in key records, rather than in the
| signature itself, to ensure that an attacker is not able to create
| signatures using algorithms weaker than the domain wishes to permit.
'___

This leaves out the "bid-down" concern.

Change to:

: The message signature system must be designed to support multiple
: signature and hash algorithms, and the signing domain must be able to
: specify which algorithms it uses to sign messages.  The choice of
: algorithms as well as the preferred algorithm offered when multiple
: signatures are added to a message must be published in key records,
: rather than in the just the signature itself, to ensure that an
: attacker is not able to create signatures using algorithms weaker than
: the domain prefers or wishes to permit.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email