The working group decided that it would not discuss downgrade attacks in BASE.
I said at the time I would raise them in policy.

The only reason to have policy is to stop a downgrade attack. Unless you understand that, you don't understand policy.

The only reason that DKIM has a policy layer is to prevent an attack where the attacker sends a message without a signature or with an unverifiable signature because the signature alg, digest or C18n algorithm are not supported by that receiver.

I am getting a bit fed up of folk who first say they don't understand policy and then opine about what policy must be and tell everyone else that they are wrong. This is a much simpler task than people are making it out to be.

If policy is on the table then so is discussion of the downgrade attack.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Crocker
> Sent: Wednesday, August 02, 2006 6:46 PM
> To: Stephen Farrell
> Cc: [email protected]
> Subject: Re: [ietf-dkim] Re: How MALLET PERFORMS a DOWNGRADE ATTACK
>
> Stephen Farrell wrote:
> >
> > Hallam-Baker, Phillip wrote:
> >> NO MALLET PERFORMS A SUCCESSFUL DOWNGRADE ATTACK.
> >
> > I could quibble. That's not a downgrade attack since Alice
> > parallel-signed with both.
>
> I was under the impression that the working group had said
> that it was not concerned about downgrade attacks, for the
> DKIM usage being discussed.
>
> Assuming I got that correct, why is it still being discussed?
>
> d/
>
> --
>
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
