It appears that Murray S. Kucherawy <[email protected]> said:
>I'm on the fence here. Do we need to say explicitly in a charter that the
>best contemporary practices in terms of cryptography have to be used in the
>development of a new thing? If so, it seems like every charter would need
>to be explicit about it.

No, but we can make migrating from one cipher suite to another easier than it is now.

Since you can only have one key per DNS key record, if you want to do both RSA and ECC signing, you need two different signatures with two different selectors that fetch two different key records. In DKIM2 we should be able to have different cipher types with the same selector, maybe with two TXT records or maybe with two keys in the same record, and you should be able to put multiple signatures in one DKIM header, with the verifier checking whichever one(s) it knows about.

This is too many words but I think we can say "improved cipher agility" or something like that.

R's,
John
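
The current dual-signing arrangement described in the message above, as an added example that is not part of the original post: two DKIM-Signature fields, two selectors, two key records, with the verifier using whichever algorithms it supports. It uses the existing DKIM tag syntax (a=, d=, s=, k=); the domain, selectors, key placeholders and the function names are constructed for illustration.

```python
# Added illustration: DKIM dual signing as it works today, one key per record.
# All domains, selectors and key records below are constructed sample data.

def parse_tags(value):
    """Parse a DKIM tag=value list (signature field or key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

# Constructed DNS zone: each algorithm needs its own selector and key record.
DNS_TXT = {
    "rsa2024._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_RSA_KEY",
    "ed2024._domainkey.example.com": "v=DKIM1; k=ed25519; p=PLACEHOLDER_ED_KEY",
}

# Constructed message: two separate DKIM-Signature fields, one per algorithm.
SIGNATURES = [
    "v=1; a=rsa-sha256; d=example.com; s=rsa2024; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER",
    "v=1; a=ed25519-sha256; d=example.com; s=ed2024; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER",
]

def usable_signatures(signatures, supported, dns=DNS_TXT):
    """Return (algorithm, DNS name) for each signature this verifier can check.

    A signature is usable when the verifier supports its a= algorithm and the
    key record fetched through its selector holds a key of the matching type.
    """
    usable = []
    for header in signatures:
        sig = parse_tags(header)
        alg = sig.get("a", "")
        if alg not in supported:
            continue  # algorithm unknown to this verifier: skip the signature
        name = f"{sig['s']}._domainkey.{sig['d']}"
        record = dns.get(name)
        if record is None:
            continue  # no key published under this selector
        key_type = parse_tags(record).get("k", "rsa")  # k= defaults to rsa
        if key_type == alg.split("-")[0]:
            usable.append((alg, name))
    return usable

if __name__ == "__main__":
    print(usable_signatures(SIGNATURES, {"rsa-sha256"}))
    print(usable_signatures(SIGNATURES, {"rsa-sha256", "ed25519-sha256"}))
```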
