> From: Stephen Farrell [mailto:[EMAIL PROTECTED]
> Phill, > > Hallam-Baker, Phillip wrote: > > That does not allow for algorithm agility which I believe > is either > an explicit security area requirement now or > soon will be after the > SHA-1 issue is addressed. > > Don't we already have alg. agility between signers and > verifiers, via the h= and k= fields of the key record? No. There are two agility issues, first can you use the new algorithms. The key record can answer that one fine The second is which algorithms should I expect? The key record does not answer that as far as I can see and it is the wrong place to do that. The key record should allow verification of the signature, the policy record the sufficiency of the signature. > If so, then is what you're suggesting only of use when the > signer is different from the rfc2822.From domain? No. > If so, do we expect that domains like that, that don't sign > for themselves, will find it useful to be specifying the > acceptable algorithms for their signed mail? No, the scheme useful for two cases. The principle one being for when a domain is in the process of a transition and wishes to support legacy signature algorithms without opening up a downgrade attack vulnerabilty. The use of remote selectors in the policy record is not the principle intended use, but it is useful to some certainly and I don't see a good reason to block it. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
