Hi, On 24.07.2025 14:26, Alessandro Vesely wrote:
However, the implementation considerations that guided the choices of RFC 8463 may still apply to a PQ algorithm. Therefore, we should devise a format in which some tags have multiple values, dependent on the algorithm, while others are valid for the whole signature. The selector may also require this flexibility.
This seems like excess flexibility that we have intentionally gotten rid of, like in the case of TLSv1.3 and it's strict set of ciphersuites.
The tangible benefit for such flexibility over implementation complexity and potential security issues resulting from that seem not worth it. Say someone removes one of those sections that are only valid for one (stronger) algorithm while keeping the weaker ones (that they might be able to attack)? It very much seems like a can of worms.
It might be a better idea to keep algorithm+signature(+selector) bundled as it has been so far and as it has been described elsewhere in this thread already.
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
