On Mon, Oct 17, 2005 at 06:02:18PM -0500, Earl Hood allegedly wrote: > Hector raised a good point about attackers being able to exploit > this. I.e. If standardized DKIM is more secure, attackers will > exploit the legacy user base to get around the more secure version.
This is surely within the control of the sender, is it not? If the sender chooses not to advertise legacy keys, then what exploit is possible? If a signer feels vulnerable to exploitation, they will only use the safest signature mechanism available. Alternatively, if the signer is more interested in compatibility they might choose a deployment that maximizes successful verification. I expect that high value domains are in the former category while the vast majority of low value domains are in the latter category. In effect this is the same issue that will arise when a future flaw is discovered in the latest, greatest cryptographic algorithm. Signers will need to decide what algorithmic choice to make as a consequence and the specification needs to allow them to express those choices. So, all we need to do in the specification is ensure these choices are possible, then we can let signers manage their own risk themselves. Mark. _______________________________________________ ietf-dkim mailing list http://dkim.org
