"william(at)elan.net" <william(_at_)elan(_dot_)net> writes:
On Sun, 30 Apr 2006, Eric Rescorla wrote:
(2) You have a signature algorithm with message recovery
(meaning that you can extract the hash from the signature).
Again, this is only true of RSA.
Doesn't that require public key to be able to get hash out of RSA
signature (and in fact requires doing RSA crypto which "expensive")?
Yes, you need the public key to do message recovery with RSA.
And yes, it's expensive to do the RSA crypto, but you would
only need to do it once--to extract the hash and then you
can use the hash from there on in.
And isn't this system working only because you're basicly using reverse
of original RSA for purposes of digital signatures?
I'm not sure I'd call it "reverse of original RSA". Yes, this
only works because RSA allows message recovery. That's why I
think it's a bad design choice.
-Ekr
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html