bounces(_at_)mipassoc(_dot_)org] On Behalf Of Victor Duchovni
Sent: Wednesday, March 24, 2010 4:45 PM
Subject: Re: [mail-vet-discuss] Proposed "header.b" tag for DKIM
Well, since birthday attacks are not a concern here, 64-bits of
should have very low collision probability, provided the bits are not
primarily ASN.1 scaffolding, rather than the actual signature. I would
look for ~96 bits, and look into the question of how many of those
few bytes are unpredictable signature vs. fixed ASN.1 glue.
Thanks, that's something I hadn't considered. I'm at the IETF now and I'll try
to bounce this issue off a few security types to be sure.
In the interim, this URL about RSA seems to suggest that the output of their
signing function is entirely random, so there should be little concern about
leading ASN.1 structure:
NOTE WELL: This list operates according to