Genart last call review of draft-ietf-dcrup-dkim-usage-04

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Jari Arkko
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dcrup-dkim-usage-??
Reviewer: Jari Arkko
Review Date: 2017-09-13
IETF LC End Date: 2017-09-13
IESG Telechat date: Not scheduled for a telechat

Summary:

This document defines modern day requirements for the cryptographic
algorithms used for DKIM.

The document is well written, short, and sets requirements that are
quite appropriate.

I have no comments beyond one small issue/question related to the
wording of the main requirement.

Major issues:

Minor issues:

The document says:

   Signers MUST sign using rsa-sha256.  Verifiers MUST verify
   using rsa-sha256. rsa-sha1 MUST NOT be used for signing or
   verifying.

I was slightly surprised by the wording of the middle requirement
about MUST verify using rsa-sha256.

Given that new algorithms may be defined in the future (and
indeed, draft-ietf-dcrup-dkim-crypto already defines some),
wouldn't a "MUST implement" type wording be more suitable?
Particularly when the third requirement prohibits the use of
weak algorithm. With the middle requirement, how could
any other, future stronger algorithm be used? Or is the idea
that the definition of those algorithms would update these
requirements? Or am I missing something?

Nits/editorial comments: 





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]