Hi!
On 7/20/25 21:10, John R Levine wrote:
> On Sun, 20 Jul 2025, Wei Chuang wrote:
>> There are two problems: first, the keys that a sender supports are obscured
>> by the selectors.
>
> I don't see what the problem is. Every signature has the selector and
> algorithm so the verifier knows what to look for, right?

Only if we implicitly assume the decision to mandatorily use the same
selector for all algorithms.

>> pull all keys. Second, a sender may want to roll out a new algorithm in an
>> introductory testing period but is not confident that the algorithm works
>> broadly. They will publish to DNS the key but not want that algorithm to
>> be part of the mandatory set of algorithms that receivers must consider as
>> valid.
>
> Hmm. I want to think some more about whether the rule is that ALL the
> signatures have to be valid (give or take ones the verifier doesn't
> support) or ANY signature is adequate.

For the still newer PQC algorithms, it could make sense to require that
at least one PQC and at least one preQC algorithm yield a valid
signature. So in case the chosen PQC algorithm turns out to be weak,
we'd be at least still secure-enough against non-quantum attackers.
Hannah.
--
Hannah Stern Mail System Development
www.mail-and-media.com 1&1 Mail & Media Development & Technology GmbH
[email protected] Brauerstraße 48 76135 Karlsruhe Germany
+49 721 91374-4519
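The three acceptance rules discussed in this message (ANY, ALL with unsupported algorithms ignored, and "at least one PQC plus at least one pre-quantum"), compared over the same verification outcomes. This is an added example, not part of the original message or of any DKIM specification; `pqc-example` is an invented placeholder algorithm tag, and the selectors and outcomes are constructed.

```python
from dataclasses import dataclass

# Registered DKIM signature algorithms (pre-quantum).
CLASSICAL = {"rsa-sha256", "ed25519-sha256"}
# Placeholder tag: no PQC algorithm is registered for DKIM; this name is invented.
PQC = {"pqc-example"}

@dataclass(frozen=True)
class Sig:
    selector: str      # constructed selector name
    algorithm: str     # value of the a= tag
    result: str        # "pass", "fail", or "unsupported" (verifier lacks the algorithm)

def rule_any(sigs):
    """ANY: one valid signature is adequate."""
    return any(s.result == "pass" for s in sigs)

def rule_all(sigs):
    """ALL: every signature the verifier supports must be valid (and at least one must be)."""
    checked = [s for s in sigs if s.result != "unsupported"]
    return bool(checked) and all(s.result == "pass" for s in checked)

def rule_hybrid(sigs):
    """Hybrid: at least one PQC and at least one pre-quantum signature must be valid."""
    passed = {s.algorithm for s in sigs if s.result == "pass"}
    return bool(passed & CLASSICAL) and bool(passed & PQC)

def evaluate(sigs):
    return {"any": rule_any(sigs), "all": rule_all(sigs), "hybrid": rule_hybrid(sigs)}

# Constructed verification outcomes for four messages from one sender.
CASES = {
    "both valid": [Sig("s-rsa", "rsa-sha256", "pass"), Sig("s-pqc", "pqc-example", "pass")],
    "pqc invalid": [Sig("s-rsa", "rsa-sha256", "pass"), Sig("s-pqc", "pqc-example", "fail")],
    "pqc signature absent": [Sig("s-rsa", "rsa-sha256", "pass")],
    "verifier lacks pqc": [Sig("s-rsa", "rsa-sha256", "pass"),
                           Sig("s-pqc", "pqc-example", "unsupported")],
}

if __name__ == "__main__":
    for name, sigs in CASES.items():
        print(f"{name:22} {evaluate(sigs)}")
```

The ALL rule, once unsupported signatures are ignored, accepts a message whose PQC signature is absent or not checkable, so of the three only the hybrid rule enforces validity in both algorithm families.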