On Oct 31, 2009, at 10:45 AM, hector wrote:
Working on a DKIM stats log analyzer, I found some facebookmail.com
notification messages with two duplicate DKIM signatures.
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b;
    c=relaxed/relaxed;
    q=dns/txt; i=@facebookmail.com; t=1256981485;
    h=From:Subject:Date:To:MIME-Version:Content-Type;
    bh=uFmzuYhiBd82ctm8i9mPRevatL4=;
    b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj
    Zut8syylO1s4qASiqCWBaQ==;
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b;
    c=relaxed/relaxed;
    q=dns/txt; i=@facebookmail.com; t=1256981485;
    h=From:Subject:Date:To:MIME-Version:Content-Type;
    bh=uFmzuYhiBd82ctm8i9mPRevatL4=;
    b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj
    Zut8syylO1s4qASiqCWBaQ==;
I don't see a difference.
I'm sure this is probably minor, but with "tons" of fb notifications
coming into users' machines, short-circuiting redundant hash
verification probably has some merit.
How should it be handled? Should logic be added to see if the bh= or
b= base64 hash was already processed?

I'd expect that short-circuiting the bh= calculation would save a lot
of work in the more typical case that the two signatures are by
different signers, so is worth doing.
Cheers,
Steve
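
An added example, not part of the original thread and not taken from any DKIM implementation: one way a verifier could skip a repeated identical signature and reuse the body hash across signatures that share the same a= hash, body canonicalization and l= value. Function names and the sample domains are hypothetical, and only the bh= step is covered (the b= check over the headers is not performed).

```python
import base64, hashlib, re

def parse_tags(value):
    """Split a DKIM-Signature value into {tag: value}, dropping folding whitespace."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canon_body(body, mode):
    """Body canonicalization per RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":                      # collapse WSP runs, strip trailing WSP
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                            # trailing empty lines are ignored
    if not lines:                              # empty body: CRLF for simple, nothing for relaxed
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(tags, body, cache):
    """Return base64 bh for this signature, hashing once per (hash, canon, l=) key."""
    algo = tags["a"].split("-")[1]             # "rsa-sha1" -> "sha1"
    canon = tags.get("c", "simple/simple")
    mode = canon.split("/")[1] if "/" in canon else "simple"
    key = (algo, mode, tags.get("l"))
    if key not in cache:
        data = canon_body(body, mode)
        data = data if key[2] is None else data[:int(key[2])]   # l= limits hashed length
        cache[key] = base64.b64encode(hashlib.new(algo, data).digest()).decode()
    return cache[key]

def check_body_hashes(signatures, body):
    """Return (per-signature status list, number of body hashes actually computed)."""
    cache, seen, results = {}, set(), []
    for raw in signatures:
        tags = parse_tags(raw)
        ident = tuple(sorted(tags.items()))
        if ident in seen:                      # exact repeat of an earlier signature
            results.append("duplicate")
        else:
            seen.add(ident)
            ok = body_hash(tags, body, cache) == tags.get("bh")
            results.append("bh-ok" if ok else "bh-mismatch")
    return results, len(cache)

# Constructed sample: blank-line-only body; bh= is the RFC 6376 relaxed empty-body SHA-1.
BODY = b"\r\n\r\n"
SIG = "v=1; a=rsa-sha1; c=relaxed/relaxed; d=%s; s=sel; bh=2jmj7l5rSw0yVb/vlWAYkK/YBwk=; b=AAAA"
SIGS = [SIG % "a.example", SIG % "a.example", SIG % "b.example"]
```

With the sample input, the second signature is skipped as a duplicate and the third, from a different signer, reuses the cached hash, so the body is hashed once for three signatures.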