ietf-dkim

Re: [ietf-dkim] Re: What the verifier can do

2006-04-30 10:26:35

On Sun, 30 Apr 2006, Paul Hoffman wrote:

At 8:49 AM -0400 4/30/06, Tony Hansen wrote:
Paul Hoffman wrote:
 > It is up to the verifier to decide how much effort after the first
 > attempt it wants to do. The cost to the verifier is doing multiple
 > hashes, not doing multiple signature validations.

Ummm, we don't currently run a hash of the headers, just the body.

Umm, yes we do. See section 3.7:
  In hash step 2, the signer or verifier MUST pass the following to the
  hash algorithm in the indicated order.

Digital signature algorithms almost always encrypt a hash of the data, not the data itself, because the encryption and decryption steps are so expensive.

We currently do the signature validation based on the actual headers, the
body hash, and the dkim-signature. So doing such a verification *would*
require multiple signature validations.

A verifier using heuristics (not specified in the spec) would do the following:

1) Look at the hash in the signature.

If I understand the technology correctly, DKIM indeed does not contain the
full hash, only an RSA1-signed version of it. Yes, that is unusual,
as most signature protocols such as SMIME do contain the hash (and so
does META, as it was designed to be more like header-based SMIME in
form and extendability). So I obviously believe it is wrong that you
chose such a minimalistic approach - what you see here (such as the
inability to verify only the hash) is just one of those consequences.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
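
The cost question argued in this thread, as an added example that is not part of any message or of the DKIM draft: with an RSA PKCS #1 v1.5 signature, one public-key operation recovers the signed digest, after which each guessed header reconstruction costs only one more hash. The toy key, the sample headers and the two whitespace heuristics are constructed assumptions, and the header block is a simplified stand-in for the hash input that section 3.7 defines.

```python
import hashlib
import re

# Constructed toy key from two known Mersenne primes: illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# ASN.1 DigestInfo prefix for SHA-256 (PKCS #1 v1.5, RFC 8017 section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def sign(data):
    """Signer: hash the data, pad the digest, apply the private key once."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N)

def recover_digest(sig):
    """Verifier: one public-key operation yields the signed SHA-256 digest."""
    em = pow(sig, E, N).to_bytes(K, "big")
    head = b"\x00\x01" + b"\xff" * (K - 54) + b"\x00" + SHA256_PREFIX
    if not em.startswith(head):
        raise ValueError("bad PKCS #1 v1.5 encoding")
    return em[-32:]

def candidates(raw):
    """Hypothetical repair heuristics: as received, then whitespace fixes."""
    stripped = re.sub(rb"[ \t]+\r\n", b"\r\n", raw)   # drop trailing whitespace
    collapsed = re.sub(rb"[ \t]+", b" ", stripped)    # collapse whitespace runs
    return [raw, stripped, collapsed]

def match_candidates(sig, cands):
    """Return the index of the candidate whose hash equals the signed digest."""
    signed = recover_digest(sig)  # the only RSA operation, done once
    for i, cand in enumerate(cands):
        if hashlib.sha256(cand).digest() == signed:  # one hash per guess
            return i
    return None

SIGNED = b"from: a@example.org\r\nsubject: hello world\r\n"      # constructed
RECEIVED = b"from: a@example.org\r\nsubject: hello  world \r\n"  # altered in transit
if __name__ == "__main__":
    print(match_candidates(sign(SIGNED), candidates(RECEIVED)))
```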