On Oct 23, 2006, at 10:52 AM, Hallam-Baker, Phillip wrote:
The deployment scenarios do not capture the downgrade attack
problem correctly.
As has been repeatedly pointed out on the list and never rebutted,
the only way you can have a successful transition from a state
where the whole world uses algorithm A to one where the whole world
uses algorithm B without having a period where one group or the
other is unable to achieve their security goals is to:
* Sign messages with both algorithms
* Have a policy statement that specifies that messages are signed
with both algorithms.
When more than one algorithm is offered, where the signer is also
responding to an attack vector, the following is also desired:
* Indicate which of the algorithms are deprecated.
However, this strategy is not to be handled in the initial
specifications.
An optimal location for this information to minimize overhead is
within the key records. There is also a desire to eliminate policy
references in various scenarios not compatible with preventing this
downgrade concern.
-Doug
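
An added sketch, not part of the original message or of any DKIM specification, of the verifier-side check the points above imply: a policy listing the algorithms applied to every message lets a verifier treat a missing signature as a downgrade, and a deprecation marker separates "verified" from "verified only with a deprecated algorithm". The class names, record layout and verdict strings are hypothetical, and cryptographic verification is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    algorithm: str
    valid: Optional[bool]  # None when the verifier cannot check this algorithm

@dataclass(frozen=True)
class SignerPolicy:
    signs_with: frozenset                # algorithms applied to every message
    deprecated: frozenset = frozenset()  # subset the signer marks as deprecated

def evaluate(sigs, policy, supported):
    """Return (verdict, detail) for one message; verdict is pass, weak or fail."""
    present = {s.algorithm for s in sigs}
    valid = {s.algorithm for s in sigs if s.valid and s.algorithm in supported}
    # The signer states every listed algorithm is always applied, so an
    # absent signature means it was stripped (or the message is not theirs).
    missing = policy.signs_with - present
    if missing:
        return "fail", "missing: " + ",".join(sorted(missing))
    checkable = policy.signs_with & supported
    if not checkable:
        return "fail", "no algorithm in common with signer"
    # Every signature this verifier is able to check must verify.
    bad = checkable - valid
    if bad:
        return "fail", "invalid: " + ",".join(sorted(bad))
    if checkable <= policy.deprecated:
        return "weak", "verified only with deprecated: " + ",".join(sorted(checkable))
    return "pass", "verified: " + ",".join(sorted(checkable))

if __name__ == "__main__":
    # Constructed sample data; "A" and "B" are the placeholders used in the thread.
    policy = SignerPolicy(frozenset({"A", "B"}), deprecated=frozenset({"A"}))
    both = [Signature("A", True), Signature("B", True)]
    stripped = [Signature("A", True)]  # B removed in transit or forged under A
    print(evaluate(both, policy, {"A", "B"}))
    print(evaluate(stripped, policy, {"A", "B"}))
    # Without the dual-signing statement the same lone A signature is accepted.
    print(evaluate(stripped, SignerPolicy(frozenset({"A"})), {"A", "B"}))
    # A verifier that only implements A can still detect stripping, not forgery of B.
    print(evaluate([Signature("A", True), Signature("B", None)], policy, {"A"}))
```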