ietf-dkim
[Top] [All Lists]

[ietf-dkim] Re: DoS and Replay protection for message signatures

2005-08-06 18:18:41
On Fri, 2005-08-05 at 13:20 -0500, Earl Hood wrote:
On August 5, 2005 at 09:02, Douglas Otis wrote:

You could potentially save even a little more if the data that
is signed is completely in the message headers.  For example, if
a separate hash of the body is computed and placed in the
DKIM-Signature field, the cryptographic signature would be limited
to header only data while still protected the integrity of the
body.
...
The separate hash of the body also allows for limited verification
of a message when the body data is not available.

This sounds like a good idea, but how would you sign the hash used to  
develop the signature?

The hash is signed just regular data.  The hash would be the SHA-1
(or maybe other cryptographic hash algorithm) of the body base64
encoded.  This value is placed in DKIM-Signature for signing.

Let me try to restate this idea to see if I understand it.  You are
suggesting that there be two hash operations.  One first done for the
message body where this hash value is then placed into the header.  The
second would be for the headers which is verified by the signature.

-Doug

_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim

<Prev in Thread] Current Thread [Next in Thread>