On 7/16/2025 10:17 AM, Bron Gondwana wrote:
> I think what we want is:
>
> 1. The verifier MUST support at least one of the signature algorithms.

The usual approach for having alternative codings, formats, algorithms,
or the like is to define a small, core set that is mandated to be
supported by all implementations, with the option of using other choices
a) in addition, or b) alone if both parties have prior knowledge the
other choice will suffice.

Interoperability requires working with no prior coordination, or with
very explicit coordination. For Internet standards, the former is the
foundation. Hence, generators must default to making choices from that
core, unless they have prior knowledge about the capabilities of the
consumers.

> 1. The verifier MUST check all the algorithms it supports.

That is extra work that isn't needed. I think the goal of this current
effort is improved strength/robustness. Therefore the requirement
probably should be:

    The verifier MUST check the strongest/best/whatever algorithm it
    supports

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
bluesky: @dcrocker.bsky.social
mast: @[email protected]