Tony Hansen wrote:
> Paul Hoffman wrote:
> Paul, which hash where? There is no hash in the dkim signature for the
> headers, only a hash for the body and the resulting signature.
> Now, *if* there were a header hash in the signature, each of your other
> steps 2-4 would be accurate. But there isn't, which is why the algorithm is:
> 1) calculate the body hash
> 2) verify the hash of the body
> 2a) if desired, apply heuristics to body and repeat from 1
> 3) verify the signature using RSA
> 3a) if desired, apply heuristics to headers and repeat from 3
> If you're going to apply heuristics to the headers, you can't get away
> from recalculating the RSA signature after each application of the
> heuristics.
I think you're both saying the same thing. The RSA verify operation yields
a hash that you compare against the hash of the headers (and body from bh).
I think that's what Paul is referring to.
Mike
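The verification order Tony lists (body hash first, RSA verify second, header heuristics forcing a repeat of step 3) and Mike's point that the RSA verify yields the value compared against the header hash, as an added worked example that is not from this thread or from any DKIM implementation. It uses a constructed toy RSA key (textbook RSA over a raw SHA-256 digest, no PKCS#1 padding), the "simple" canonicalizations, a constructed sample message, and a hypothetical list-prefix heuristic for step 3a; `verify`, `header_hash`, `strip_b` and the other names are this example's own.

```python
import base64
import hashlib
import re

# Toy RSA key built from two known Mersenne primes, 2^521-1 and 2^127-1.
# Constructed for illustration only: far too small and structured for real use;
# it stands in for the signer's published key that a verifier would fetch from DNS.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8


def simple_body_canon(body: str) -> bytes:
    """'simple' body canonicalization: CRLF line ends, trailing empty lines removed,
    exactly one CRLF at the end (an empty body becomes a single CRLF)."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode()


def body_hash(body: str) -> str:
    """Step 1: the bh= value, base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(simple_body_canon(body)).digest()).decode()


def strip_b(sig_value: str) -> str:
    """Empty the b= tag of a DKIM-Signature value; bh= and all other tags stay."""
    return re.sub(r"(?<![A-Za-z0-9+/])b=[^;]*", "b=", sig_value)


def header_hash(headers: dict, signed: list, sig_value_without_b: str) -> int:
    """Hash input for the RSA operation: each signed header as 'name:value' + CRLF
    ('simple' header canonicalization), then the DKIM-Signature header itself with
    b= emptied and no trailing CRLF. bh= is covered because it rides inside that header."""
    h = hashlib.sha256()
    for name in signed:
        h.update(f"{name}:{headers[name]}\r\n".encode())
    h.update(f"DKIM-Signature:{sig_value_without_b}".encode())
    return int.from_bytes(h.digest(), "big")


def parse_tags(sig_value: str) -> dict:
    """Split 'k=v; k=v' into a dict; whitespace inside tag values is ignored."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())
    return tags


def sign(headers: dict, signed: list, body: str, domain: str, selector: str) -> str:
    """Signer side (textbook RSA, no padding): returns the DKIM-Signature header value."""
    tags = (f" v=1; a=rsa-sha256; c=simple/simple; d={domain}; s={selector};"
            f" h={':'.join(signed)}; bh={body_hash(body)}; b=")
    sig = pow(header_hash(headers, signed, tags), D, N)
    return tags + base64.b64encode(sig.to_bytes(SIG_LEN, "big")).decode()


def verify(headers: dict, body: str, sig_value: str) -> str:
    """Verifier side in Tony's order: cheap body-hash check first, RSA verify second."""
    tags = parse_tags(sig_value)
    if body_hash(body) != tags["bh"]:                       # steps 1-2
        return "fail: body hash"
    signed = tags["h"].split(":")
    expected = header_hash(headers, signed, strip_b(sig_value))
    # Step 3: the RSA verify "yields" a value, which must equal the header hash we computed.
    recovered = pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), E, N)
    return "pass" if recovered == expected else "fail: signature"


def verify_with_header_heuristic(headers: dict, body: str, sig_value: str):
    """Step 3a: a header-repair heuristic, then the whole RSA verify again.
    Returns (result, number of RSA verifies spent on heuristics)."""
    result = verify(headers, body, sig_value)
    if result != "fail: signature":
        return result, 0
    # Constructed heuristic: a list may have prefixed '[tag] ' to Subject; retry without it.
    repaired = dict(headers)
    repaired["Subject"] = re.sub(r"^\s*\[[^\]]*\]\s*", " ", headers["Subject"])
    return verify(repaired, body, sig_value), 1


# Constructed sample message (header values are the text after the colon).
HEADERS = {"From": " alice@example.com", "Subject": " Hello",
           "Date": " Mon, 1 Jan 2007 00:00:00 +0000"}
SIGNED = ["From", "Subject", "Date"]
BODY = "Hi Bob,\r\n\r\nmeet at 10.\r\n\r\n\r\n"

if __name__ == "__main__":
    sig = sign(HEADERS, SIGNED, BODY, "example.com", "sel1")
    print(verify(HEADERS, BODY, sig))                                   # pass
    print(verify(HEADERS, BODY.replace("10", "11"), sig))               # fail: body hash
    relayed = {**HEADERS, "Subject": " [dkim] Hello"}
    print(verify(relayed, BODY, sig))                                   # fail: signature
    print(verify_with_header_heuristic(relayed, BODY, sig))             # ('pass', 1)
```

Note that a body-hash mismatch is reported before any RSA work is done, and that the Subject repair in step 3a only pays off by running the full RSA verify a second time; nothing in the signature lets a verifier check the headers separately from that operation.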
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html