Stephen Farrell wrote:
Folks - was Earl's idea considered before?
I must admit, I thought this is what we do... definitely, we _should_
do....
<skip>
PS: Just so's I can reconstruct it for myself later, the construct
might end up something like:
body-hash = Hash1(nonce, body)
I think more like:
body-hash = Hash(C14n(body))
i.e.: no nonce (a nonce in input to hash ? I think may make it easier to
find collisions, not harder...); and explicitly apply the (specified)
C14n alg. to the body, don't mix it with the crypto-hash operation.
sig-bits = Private-key(Hash2(nonce,header-stuff, body-hash))
sig-bits = Sign_s(headers)
Where:
s is the private signing key of the DKIM-signer (sender, sending
MTA, etc.)
Sign is the selected signature algorithm, including any hash
compuation which is part of the signing algorithm, e.g. RSA_SHA1, ECDSA_256
headers is the list of included headers, and normally/always
includes body-hash (why specify it separately?)
nonce again removed for same reasons...
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI:
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame
_______________________________________________
ietf-dkim mailing list
http://dkim.org