Is signing the body at all an essential requirement? Yes, some potential
risk for a replay attack but otherwise "whoami I sent this" should be
sufficient for some providers,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Arvel Hathcock
Sent: Tuesday, March 28, 2006 11:22 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] mailing lists and -base
The current proposal for allowing signers to only have to compute the
hash once for large message bodies that will be sent out numerous
times (such as in a mailing list) seems like an improvement.
I can not disagree. It isn't always the case, but it is often the case,
and likely always at least optional that mailing lists personalize the
TO header. When this is done, a single body hash which could be reused
is an improvement.
--
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html