Michael Thomas wrote:
I know that we've gotten a barrage in the last few days but is there support for
having policy for what algorithms a domain uses? I assume this is to deal with
bid-down attacks. I know where we stand wrt this with -base, but don't remember
whether we were given any guidance wrt -ssp, or whether there was general
support for this in -ssp.
Mike
Doesn't that have an implication of an SSP lookup even for signatures
that are cryptographically correct?
There're also no bidding down attacks, just spoofs here so I think the
logic that says this isn't needed for base also applies to SSP. But I
guess maybe something's different.
So, not sure myself if it's useful in SSP, but maybe worth including as
a candidate req. in your -00 anyway.
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html