At 10:58 AM -0700 4/30/06, Eric Rescorla wrote:
I know it's pedantic, but it's important: digital signature algorithms
*sign* the hash. They do not, in general, encrypt it. It's true that
signature and encryption are similar in RSA, but they're not the same
in (e.g., DSA). Also, while the performance reason is important,
it's not the only reason. Because signature algorithms can only
process small chunks of data, a digest lets you sign large blocks
without having to worry about gluing together the signatures somehow.
Pendantry accepted. But, in this case, the only signature algorithm
we have defined is RSA.
This procedure only works if either:
(1) You place a copy of the message digest in the DKIM headers.
Based on my reading of draft-allman-*, this is not the case
in DKIM. It's not the case in S/MIME either, AFAIK.
(2) You have a signature algorithm with message recovery
(meaning that you can extract the hash from the signature).
Again, this is only true of RSA.
Otherwise you need to do a full signature verification for each
trial manipulation.
Correct. #2 applies here because we have only defined RSA.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html