ietf-dkim

Re: [ietf-dkim] Re: dkim service

2005-10-13 18:18:02

On Oct 13, 2005, at 5:34 PM, Michael Thomas wrote:

> Hallam-Baker, Phillip wrote:
>
>> I am sure you can probably get by without sequence numbers.
>
> If that's true, then is there any reason to not just
> do as we're currently doing which is making them look
> like trace headers? This preserves sequence for forensics
> which is about the only thing that I suspect you can hope
> for.

What prevents their order from being swapped? There could be valid reasons for someone wanting to modify the apparent order when blame for abuse is being established. This is beginning to feel like three-card monte.


>> The only thing the sequence number does is to allow the verifier to come
>> to the conclusion 'Signature X did not validate, therefore Signatures
>> 1...X-1 are not worth checking'
>
> But that could be a DOS attack on the other signatures,
> right? Not that it would be hard to DOS it if you have
> the message in hand. But it seems like a small thing
> to save the RSA verify operation on subsequent signatures.

There is diminishing value as signatures are added. The signature with the greatest value would be the first signature which is where feedback will want to be sent first. Subsequent signatures would offer progressively less value with perhaps an exception regarding the last-hop. By utilizing a primary/secondary signature header, there would be absolutely no confusion who went first in the signing process. It would also limit the maximum number of signatures that need to be verified and the related overhead. Do you think that 2 would not be enough in most cases? What is the maximal number of signatures that should be retained?

-Doug


_______________________________________________
ietf-dkim mailing list
http://dkim.org