On Tue, Oct 23, 2018 at 3:58 AM Scott Kitterman <skl...@kitterman.com> wrote:
> Last time I looked at this particular issue, ARC could use any algorithm that
> DKIM uses.

Still correct.

> As I recall, that was one of the stimuli for the DCRUP working
> group (to avoid having rsa-sha1 be valid for ARC by obsoleting it in DKIM).

I don't think that ARC drove the DCRUP work as much as the desire to get badness officially obsoleted :-)

> It looks like this discussion has been moved to a new draft,
> https://tools.ietf.org/html/draft-ietf-dmarc-arc-multi-01 (although the
> reference is wrong, https://tools.ietf.org/html/draft-ietf-dmarc-arc-multi-02
> is current).

Yes that's correct.

> Unfortunately, I don't find any actual guidance on what algorithms are
> currently used.

Any that are valid for DKIM - see first sentence above.

> Section 6, Phases of Algorithm Evolution, gives some process
> (which seriously needs revision - I thought we all knew flag days don't work
> at Internet scale), but no actual guidance.

Correct - we've deferred any real attention on this until we got the ARC protocol document nailed down. With the request to publish being a few hours old now from Barry, this might be an excellent topic to pursue next :-)

> DKIM, as updated by the DCRUP work, has two valid crypto algorithms:
>
> rsa-sha256
> ed25519-sha256
>
> One has been obsoleted:
>
> rsa-sha1
>
> Which among those is valid for ARC and how do I know?

The same ones that are valid for DKIM (as updated by DCRUP). What we haven't worked out is how to handle mixed algorithm chains.

--Kurt
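An added example, not part of the thread or of the ARC drafts: a receiver-side audit that reads the `a=` tag of each ARC-Seal and ARC-Message-Signature, checks it against the algorithm list given in the thread, and reports chains that mix algorithms. The function names and the sample message are constructed for illustration; the code verifies no signatures and only reports a mixed chain, since the thread leaves its handling open.

```python
import re
from email import message_from_string

# Algorithm status as stated in the thread (DKIM as updated by DCRUP).
VALID = {"rsa-sha256", "ed25519-sha256"}
OBSOLETE = {"rsa-sha1"}
SIGNED_FIELDS = ("ARC-Seal", "ARC-Message-Signature")

def parse_tags(value):
    """Split a tag list ("i=1; a=rsa-sha256; ...") into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def audit_arc_algorithms(raw_message):
    """Return (algorithms per ARC instance, findings) for one message."""
    msg = message_from_string(raw_message)
    per_instance, findings = {}, []
    for field in SIGNED_FIELDS:
        for value in msg.get_all(field, []):
            tags = parse_tags(value)
            inst, alg = tags.get("i"), tags.get("a", "").lower()
            if not (inst and inst.isdigit() and alg):
                findings.append(f"{field}: missing or malformed i=/a= tag")
                continue
            per_instance.setdefault(int(inst), {})[field] = alg
            if alg in OBSOLETE:
                findings.append(f"i={inst} {field}: {alg} is obsolete")
            elif alg not in VALID:
                findings.append(f"i={inst} {field}: {alg} is not listed in the thread")
    used = {a for algs in per_instance.values() for a in algs.values()}
    if len(used) > 1:
        findings.append("mixed-algorithm chain: " + ", ".join(sorted(used)))
    return dict(sorted(per_instance.items())), findings

# Constructed sample: two ARC sets, signature data replaced by placeholders.
SAMPLE = (
    "ARC-Seal: i=2; a=ed25519-sha256; cv=pass; d=example.net; s=k2; b=PLACEHOLDER\n"
    "ARC-Message-Signature: i=2; a=ed25519-sha256; d=example.net; s=k2;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "ARC-Seal: i=1; a=rsa-sha1; cv=none; d=example.org; s=k1; b=PLACEHOLDER\n"
    "ARC-Message-Signature: i=1; a=rsa-sha1; d=example.org; s=k1;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: a@example.org\n\nbody\n"
)

print(audit_arc_algorithms(SAMPLE))
```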