On Thu 24/Jul/2025 14:07:54 +0200 Taavi Eomäe wrote:
On 24.07.2025 14:26, Alessandro Vesely wrote:
Therefore, we should devise a format in which some tags have multiple
values, dependent on the algorithm, while others are valid for the whole
signature. The selector may also require this flexibility.>
This seems like excess flexibility that we have intentionally gotten rid of,
like in the case of TLSv1.3 and it's strict set of ciphersuites.
The tangible benefit for such flexibility over implementation complexity and
potential security issues resulting from that seem not worth it. Say someone
removes one of those sections that are only valid for one (stronger) algorithm
while keeping the weaker ones (that they might be able to attack)? It very much
seems like a can of worms.
It would be straightforward to implement. In C, define your structure as a set
of pointers to the relevant elements, pre-fill it with default elements (simple
tags) and then override as needed while you parse a structured tag.
Removing part of the signature invalidates it. When signing, all other
structured tags values are empty, but their definitions are there.
It might be a better idea to keep algorithm+signature(+selector) bundled as it
has been so far and as it has been described elsewhere in this thread already.
You mean algorithm + signature (+ selector) (+ body hash).
AFAIK, it has never been bundled, so far.
If repeating the same values isn't a worry, it is even simpler to write
multiple signatures at the same i= level.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
