On Aug 4, 2006, at 10:17 AM, Paul Hoffman wrote:

> At 10:04 AM -0700 8/4/06, Hallam-Baker, Phillip wrote:
>> Fortunately there is no conflict here.
>>
>> If you consider RSA1024 secure and you find a valid RSA1024
>> signature on the message then you are done.
>>
>> If on the other hand you only find an RSA1024 signature and you
>> have reason to consider RSA1024 less than satisfactory you MAY
>> decide to take a look at the policy record to see if there should
>> also be a signature that offers stronger semantics.
>
> That's not what Doug said. He said:
>
>> During a transition, it would be important to communicate what
>> will be offered and what has been deprecated. Then these options
>> MUST be available or the related signatures MUST be ignored.
>
> I specifically object to the last three words.

Avoiding the bid-down _requires_ those last three words.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
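
The two verifier behaviours argued over in this thread, as an added example that is not part of the original messages or of any DKIM specification. The policy fields (`offered`, `deprecated`), the algorithm labels and the sample messages are hypothetical, and the strict rule is one reading of "these options MUST be available or the related signatures MUST be ignored".

```python
# Added illustration. The policy fields and algorithm labels are hypothetical
# and are not taken from any DKIM specification.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    alg: str     # constructed label, e.g. "rsa1024"
    valid: bool  # outcome of cryptographic verification

@dataclass(frozen=True)
class Policy:
    offered: frozenset     # algorithms the signer says it applies to every message
    deprecated: frozenset  # algorithms the signer is phasing out

def verify(sigs, policy, strict):
    """Return "pass" or "fail" for one message.

    strict=False: any valid signature is enough; the policy is not consulted.
    strict=True:  if an offered algorithm has no valid signature on the
                  message, signatures made with deprecated algorithms are ignored.
    """
    valid = {s.alg for s in sigs if s.valid}
    if strict and not policy.offered <= valid:
        valid -= policy.deprecated
    return "pass" if valid else "fail"

# Constructed transition policy: the signer offers rsa2048, deprecates rsa1024.
POLICY = Policy(offered=frozenset({"rsa2048"}), deprecated=frozenset({"rsa1024"}))

# Constructed messages: one dual-signed as the policy promises, and one that
# arrives with only the deprecated-algorithm signature (the bid-down case).
DUAL_SIGNED = [Signature("rsa1024", True), Signature("rsa2048", True)]
WEAK_ONLY = [Signature("rsa1024", True)]

def outcomes():
    """Verdict for each (message, mode) pair, keyed for easy comparison."""
    return {
        (name, mode): verify(sigs, POLICY, strict=(mode == "strict"))
        for name, sigs in (("dual", DUAL_SIGNED), ("weak_only", WEAK_ONLY))
        for mode in ("lenient", "strict")
    }

if __name__ == "__main__":
    for key, verdict in sorted(outcomes().items()):
        print(key, verdict)
```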