Paul Hoffman <phoffman(_at_)proper(_dot_)com> writes:
At 11:22 AM -0700 4/30/06, Eric Rescorla wrote:
Yes, but it's a bad idea to design systems assuming that's going
to be the only algorithm you ever use.
We are explicitly *not* designing this system to use heuristics that
would cause multiple rounds. My assertion is that if an implementation
wants to do it, it can. Along with that assertion is the fact that,
with all the algorithms defined in the document and the assumption
that we are unlikely to change them except in a cryptographic
emergency, the expensive operations (asymmetric signing and verifying)
only need to happen once.
Sure, but what happens when you want to use ECDSA because you're
worried about key size constraints?
Then you decide if your actions that go beyond the spec are worth it
for you in terms of effort.
Better to design a system that doesn't require people to make
that kind of tradeoff. In this case, that could be easily
done by including a copy of the unsigned digest along with
the signature.
-Ekr
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html