> On May 30, 2018, at 4:59 PM, John Levine <johnl@xxxxxxxxx> wrote:
>
> In article <D4920629-1B2C-4123-A2FC-209A4986C8C4@xxxxxxxxxxxx> you write:
>> I have three comments on draft-ietf-dcrup-dkim-crypto-09.
>>
>> In section 3, this document says that it uses "PureEDdSA"; however, RFC 8032 provides a definition for PureEdDSA. I
>> assume this is a simple typo.
>
> yEs

As assumed....

>
>> How hard would it be to expand section 6 to include an example of two selectors being used, one with RSA and one with
>> ed25519? If it is pretty easy, I think it would help the reader.
>
> I can ask the guy who produced the example. It shouldn't be very hard.

Cool.

>
>> RFC 6376 has an extensive security considerations section. This document should point out that the private key
>> protection discussed in Section 8.3 of RFC 6376 applies to the ed25519 private key. In addition, I think there should
>> be a section similar to Section 8.13 of RFC 6376 in this document; it might just be a pointer to Section 8 of RFC 8032.
>
> I don't disagree with any of the points but it all seems so obvious
> other than perhaps the pointer to the 8032 security section. I'm
> trying to envision the person who has sufficient skill to add EC keys
> to his DKIM setup but has to be reminded that it would still be a bad
> idea to publish the public keys.
>
> Perhaps I can add a sentence saying that all of the security advice in
> 6376 applies except that the advice in 8032 supersedes the
> RSA-specific advice.

Actually, that would be sufficient.

Russ