On Sun, 30 Apr 2006, Eric Rescorla wrote:
> (2) You have a signature algorithm with message recovery
> (meaning that you can extract the hash from the signature).
> Again, this is only true of RSA.

Doesn't that require public key to be able to get hash out of RSA
signature (and in fact requires doing RSA crypto which is "expensive")?
And isn't this system working only because you're basically using reverse
of original RSA for purposes of digital signatures?

Although I suspect for programmer optimization it's not quite as bad as
I originally thought. If you have original data in "z" and you know
something has been changed, you can in parallel do calculation of hashes
(based on original values and if you really want of the header data
in the message) while at the same time in parallel running decryption.
Then in the end the values are all verified which is simple and quick
operation. But the slowest point here is probably getting public key
from DNS; it would have been possible to optimize this 3-way parallel
if public key was in the signature (i.e. then do RSA crypto, do hash and
get public key or fingerprint all at same time and then 2 comparisons of
the results).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
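
The verification flow discussed in this message, as an added example that is not part of the original thread: the verifier hashes the message and, independently, applies the RSA public key to the signature to recover the signed hash, then does one comparison. The SHA-256 / PKCS#1 v1.5 encoding, the toy key built from two Mersenne primes, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

# Constructed toy key so the example runs offline with no crypto library.
# Primes of this special form must never be used for a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
PAD = b"\x00\x01" + b"\xff" * (K - len(SHA256_PREFIX) - 32 - 3) + b"\x00"


def sign(message: bytes) -> bytes:
    """Signer side: pad the hash and apply the private key."""
    em = PAD + SHA256_PREFIX + hashlib.sha256(message).digest()
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def recover_hash(signature: bytes) -> bytes:
    """Public-key operation s^e mod n, then strip the padding to get the hash."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        raise ValueError("signature out of range")
    em = pow(s, E, N).to_bytes(K, "big")
    # Compare every padding byte exactly; a lenient parser accepts forgeries.
    if em[:-32] != PAD + SHA256_PREFIX:
        raise ValueError("bad padding")
    return em[-32:]


def verify(message: bytes, signature: bytes) -> bool:
    """Hashing and the RSA step need nothing from each other, so submit both
    and compare only once both results are in."""
    with ThreadPoolExecutor(max_workers=2) as pool:
        computed = pool.submit(lambda: hashlib.sha256(message).digest())
        recovered = pool.submit(recover_hash, signature)
        try:
            return hmac.compare_digest(computed.result(), recovered.result())
        except ValueError:
            return False
```

Recovering the hash needs only `N` and `E`, which is why the public-key fetch is the third independent step the message mentions.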