> > It seems to me that since DKIM signatures are expected to have short > > lifetimes and to have only moderate value, and that we've established > > quite thoroughly that there is not yet an obvious successor to SHA-1, > > it would be OK simply to note that we'll need something more secure in > > the future and leave it at that. > > How many times do you want to do this?!
Ideally never, pragmatically, once. If I thought we had enough info to do it now, I'd agree that we should try to do it now, but we don't. I don't see a hash upgrade as urgent. Even as SHA-1 becomes easier to break, it doesn't seem likely that it'll be broken badly enough to make it possible to put fake signatures on messages at high speed. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "I shook hands with Senators Dole and Inouye," said Tom, disarmingly. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
