Exactly. You are trying to have DKIM provide a range of information,...
As Earl has pointed out, one thing it lets you do is
validate the public key signature first, and if it doesn't validate
you don't
need to bother performing the hash operation. (The public key
operation is
since the pk computation is usually considered more expensive than the
hashing, i'm not sure what the benefit is, here, but for a very large
message, i guess saving the overhead of the hash would be nice. not a
point worth serious contortions, but as noted this ain't an expensive
enhancement.
I was arguing against subtle semantics, not extra storage.
in any event:
And I previously pointed out that this helps tremendously in tracking
down problems. (And if you don't think this matters, all I can say is you
haven't written or supported enough implementations of this sort of
stuff.)
yeah, like i'm every going to argue against your assessment of
implementation or performance issues...
anyhow, it always pisses me off to have my main line of argument become
irrelevant by virtue of a simple, direct and compelling alternate
argument. i probably won't always concede to debugging benefits, but
pretty close...
so my reaction to your posting along those lines was something like
game, set, match.
d/
_______________________________________________
ietf-dkim mailing list
http://dkim.org