Dave Crocker <[EMAIL PROTECTED]> writes: > Eric, et al, > > Eric Rescorla wrote: > > If we have two algorithms, Old and New, then there are three > > kinds of signer and receiver, respectively: Old, New, and Both. > > This gives us a 3-3 interop matrix, with four possibilities at > > each cell: > > > In the interest of exploring a simplification, let me re-raise a > perspective that has been expressed by others: > > It is important to be able to have multiple signatures, for transition > issues, to make sure that the signer and validator share at least one, > common algorithms. That is the *only* concern about multiple > signatures. > > One can take the position that question of "strength" is almost > completely irrelevant. > > Here's why: > > The validator either considers a signature "strong" enough or they > don't. That choice is the validator's and it does not matter in the > least whether the signer agrees. > > If someone does a downplay attack, the validator might be looking at a > signature that is "weaker" but it won't matter. Either the validator > will consider it strong enough or they won't. > > > So, my question is: what is wrong with this view of the issue?
In this context, I think nothing. -Ekr _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
