> On Oct 26, 2022, at 3:48 AM, Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
>
> Murray first raised the issue of weak signatures. Ale has revisited the topic by mentioning the transition to newer hash algorithms. We know that encryption algorithms get retired over time, and the time sequence looks like this:
> - trusted
> - deprecated
> - not trusted
>
> When applied to DKIM signatures, we can conclude that "weakness" is an evaluation result, not a disposition result. A weak signature may not hinder acceptance during the "deprecated" period, but it may cause problems during the "not trusted" period.
>
> Weak results need to be part of the aggregate report so that domain owners understand the importance of moving from weak to strong signatures. Different evaluators will move to the "not trusted" state at different times, and aggregate reporting helps a domain owner understand his transition priorities.
>
> Implications for our texts:
>
> - DMARC Evaluation does not exit upon finding an aligned and verified weak signature. Instead, the result is noted but the evaluation continues in hopes of finding an aligned and verified strong signature.

Strong defined as the strength of the encryption algorithm (i.e., key size). I’m sorry if you already defined it and I missed it.
Neil
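The evaluation rule proposed in the quoted message, sketched as an added example that is not part of the thread or of any DMARC draft text: a weak aligned signature is noted for aggregate reporting and the loop keeps looking for a strong one. The `DkimResult` record, the `trust_weak` switch, the strict-only alignment check and the weak/strong thresholds are all assumptions made for illustration; the thread itself leaves "strong" undefined.

```python
from dataclasses import dataclass

# Assumed local policy (not from the thread, which leaves "strong" undefined).
WEAK_ALGORITHMS = {"rsa-sha1"}
MIN_STRONG_RSA_BITS = 2048

@dataclass
class DkimResult:
    domain: str      # d= tag of the signature
    algorithm: str   # a= tag, e.g. "rsa-sha256"
    key_bits: int    # size of the public key fetched from DNS
    verified: bool   # True if the signature verified cryptographically

def strength(sig):
    """Classify a verified signature under the assumed local policy."""
    if sig.algorithm in WEAK_ALGORITHMS:
        return "weak"
    if sig.algorithm.startswith("rsa-") and sig.key_bits < MIN_STRONG_RSA_BITS:
        return "weak"
    return "strong"

def aligned(sig, from_domain):
    """Strict alignment only (a simplification): d= must equal the From domain."""
    return sig.domain.lower().rstrip(".") == from_domain.lower().rstrip(".")

def evaluate(from_domain, signatures, trust_weak=True):
    """Note weak aligned signatures but keep looking for a strong one."""
    best, report = None, []
    for sig in signatures:
        if not (sig.verified and aligned(sig, from_domain)):
            report.append((sig.domain, sig.algorithm, "unusable"))
            continue
        grade = strength(sig)
        report.append((sig.domain, sig.algorithm, grade))  # feeds the aggregate report
        if grade == "strong":
            best = "strong"
            break  # nothing better can be found
        best = "weak"
    # trust_weak=True models the "deprecated" period, False the "not trusted" period.
    passed = best == "strong" or (best == "weak" and trust_weak)
    return {"dkim_pass": passed, "best": best, "report": report}

# Constructed sample input: weak aligned, unaligned, then strong aligned.
SAMPLE = [
    DkimResult("example.com", "rsa-sha256", 1024, True),
    DkimResult("mailer.example.net", "rsa-sha256", 2048, True),
    DkimResult("example.com", "rsa-sha256", 2048, True),
]
```

With `trust_weak=False`, a message carrying only the first sample signature fails DKIM for DMARC purposes, while the report entry still records the weak result for the domain owner.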