On Thursday, December 21, 2017 11:57:44 AM John Levine wrote:
> In article <1513857489.3531319.1212273208.18fe8...@webmail.messagingengine.com> you write:
> >I certainly concur with Brandon here - changing ARC algorithm looks like
> >a very messy proposition, I expect you'd pretty much have to do a window
> >where both the old and new algorithm were supported - with a deadline
> >where the old algorithm gets treated like a broken link. ...
> 
> Complex technical approach:
> 
> Invent a new ps= tag for peer selector.  If using two signing
> algorithms, add two AS and AMS headers with the same d= but different
> s=, one for each algorithm, each with a ps= pointing to the other
> header, and each signature covering both headers, and you have to
> check when signing and validating that the ps= in this header matches
> the s= in the other.  The chain is valid if either AS is valid.
> 
> Simple administrative approach:
> 
> Stall ARC for a few more months until we can get ed25519 into the
> libraries, then adjust the document to make it MUST verify both.

I doubt you'll see it in OpenARC until after OpenSSL has a release that 
supports ed25519.  That may be a large value of few.  Does anyone know?

Scott K
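
The peer-selector consistency check from the quoted "complex technical approach", as an added example that is not part of the original message or of any ARC implementation. It assumes the proposed `ps=` tag (hypothetical, not in ARC as specified), models only the ARC-Seal pair of one instance, takes each seal's cryptographic result as an input, and treats a lone seal carrying `ps=` as invalid; the function names and sample headers are constructed.

```python
# ps= is the hypothetical "peer selector" tag proposed in the thread; it is not
# part of ARC as specified. Cryptographic verification is out of scope: the
# caller passes each seal's signature result in as a boolean.

def parse_tags(value):
    """Parse a DKIM-style tag list ("i=1; a=...; s=...") into a dict."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part.strip()!r}")
        tags[name] = "".join(val.split())  # remove folding whitespace
    return tags

def peers_consistent(a, b):
    """True if two parsed seals form a valid dual-algorithm pair."""
    required = ("i", "a", "d", "s", "ps")
    if any(t not in a or t not in b for t in required):
        return False
    return (a["i"] == b["i"] and a["d"] == b["d"]         # same instance, same d=
            and a["s"] != b["s"] and a["a"] != b["a"]     # different s= and algorithm
            and a["ps"] == b["s"] and b["ps"] == a["s"])  # ps= points at the peer

def arc_set_valid(seals):
    """seals: list of (ARC-Seal value, signature_verified) for one ARC instance."""
    parsed = [(parse_tags(v), ok) for v, ok in seals]
    if len(parsed) == 1:
        tags, ok = parsed[0]
        return ok and "ps" not in tags  # assumption: a lone seal must not claim a peer
    if len(parsed) == 2:
        (a, ok_a), (b, ok_b) = parsed
        # "The chain is valid if either AS is valid", but only for a matched pair.
        return peers_consistent(a, b) and (ok_a or ok_b)
    return False

# Constructed sample headers (not from real mail).
RSA_SEAL = "i=1; a=rsa-sha256; cv=none; d=example.org; s=rsa2017; ps=ed2017; b=AAAA"
ED_SEAL = "i=1; a=ed25519-sha256; cv=none; d=example.org; s=ed2017; ps=rsa2017; b=BBBB"
```

A verifier whose library lacks ed25519 would pass `False` for `ED_SEAL` and still accept the set on the RSA seal, which is the rollover case the proposal targets.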


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
