On Sat, 15 Oct 2005, Earl Hood wrote:
On October 14, 2005 at 12:08, Stephen Farrell wrote:
PS: Just so's I can reconstruct it for myself later, the construct
might end up something like:
body-hash = Hash1(nonce, body)
sig-bits = Private-key(Hash2(nonce,header-stuff, body-hash))
Actually the "data" hash would be more like:
data-hash = Hash1(nonce, header-stuff, body)
sig-bits = Private-key(Hash2(nonce, DKIM-Signature-field))
I.e. The digital signature is only on the DKIM-Signature field,
nothing else.
For comparison META Signatures is something like:
data-hash = hash1(nonce, some-headers, body-part)
; body-part can be particular mime part (or several) or entire message body
; some headers is optional and typically include only Content-* fields
sig-bits = Private-key(hash2(nonce, meta-parts, data-hash, header-stuff))
; where meta-parts is META-Signature field with sig segment cut out
META-Signature design itself allows for inclusion of header fields in
either way listed in previous email (together with body hash or together
with signature itself) but I obviously prefer inclusion with signature.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org