On Thu, Feb 16, 2006 at 03:33:20PM +0000, Stephen Farrell allegedly wrote:
>
> Mark,
>
> Now that I've reset the brain a bit:-)

Thanks. My crude explanation probably compounded the problem a bit.

> The assumption that all signers and verifiers have the same idea of an
> absolute strength-order for hash algorithms is a bit optimistic.
>
> For example, some countries do insist on national algorithms being
> supported - see rfc 4357 for example. I don't think I want to get into
> a dispute about whether the Gost-hash is better or worse than sha-256
> (or whatever) - do you?

Right. I completely understand that there might be different views of
strong and weak and that we (for most of we and certainly me) aren't
experts in this area.

But I'm thinking that DKIM has a simpler task. It merely has to observe
the debate and decisions of the security world and when they come to
conclusions we piggy-back off of that:

If a) The current algorithm is accepted as being at risk and
If b) An agreed-upon stronger algorithm is available
then c) Change the standard to reflect the stronger algorithm

While there remains uncertainty about a) or b) then do nothing.

Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
