Cryptographic Algorithm and Key Usage Update to DomainKeys Identified Mail (DKIM)
RFC 8301
Yes
No Objection
Note: This ballot was opened for revision 04 and is now closed.
Alvaro Retana No Objection
Warren Kumari No Objection
(Alexey Melnikov; former steering group member) Yes
(Ben Campbell; former steering group member) Yes
-4: "Verifiers MUST verify using rsa-sha256." Should this say "...MUST be able to..."? That is, am I correct in assuming that a verifier will use the scheme specified by the signer if it is capable of doing so, and that it doesn't make sense to try to verify with rsa-sha256 if the signer used something else?
(Kathleen Moriarty; former steering group member) Yes
Thanks for your response to the SecDir review and addressing the problem in another draft. https://datatracker.ietf.org/doc/review-ietf-dcrup-dkim-usage-04-secdir-lc-nystrom-2017-09-20/
(Spencer Dawkins; former steering group member) Yes
(Adam Roach; former steering group member) No Objection
I would have expected section 4 to be explicit in the interaction between the requirement that "rsa-sha1 MUST NOT be used for signing or verifying" and the Authentication-Results header defined in RFC 7001. In particular, I would have expected to see guidance here whether receipt of a message using sha1 should be coded as "neutral" or "policy": as an implementor, I would be unsure which one to use.
(Alia Atlas; former steering group member) No Objection
(Benoît Claise; former steering group member) No Objection
(Deborah Brungard; former steering group member) No Objection
(Eric Rescorla; former steering group member) No Objection
(Mirja Kühlewind; former steering group member) No Objection
Please check and address the feedback provided by the gen-art review (Thanks Jari!). My understanding is that the normative language was discussed in detail for this draft but Jari brought up a point on forward-comparability with future algorithms regarding verification. I would also be interested to at least see a reply to that!
(Suresh Krishnan; former steering group member) No Objection
(Terry Manderson; former steering group member) No Objection