ietf-dkim

Re: [ietf-dkim] Interesting Dupe Signatures

2009-10-31 14:31:06
Is this really worth worrying about? I mean, the amount of actual ham is in
the vast minority, so even if all of your ham was doing tons of antisocial
things it probably wouldn't make much, if any, difference in your average border
mail gateway's job.

Mike

On 10/31/2009 10:55 AM, Steve Atkins wrote:

On Oct 31, 2009, at 10:45 AM, hector wrote:

Working on a DKIM stats log analyzer, I found some facebookmail.com
notification messages with two duplicate DKIM signatures.

DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b;
         c=relaxed/relaxed;
     q=dns/txt; i=(_at_)facebookmail(_dot_)com; t=1256981485;
     h=From:Subject:Date:To:MIME-Version:Content-Type;
     bh=uFmzuYhiBd82ctm8i9mPRevatL4=;
   b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj
     Zut8syylO1s4qASiqCWBaQ==;
DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b;
         c=relaxed/relaxed;
     q=dns/txt; i=(_at_)facebookmail(_dot_)com; t=1256981485;
     h=From:Subject:Date:To:MIME-Version:Content-Type;
     bh=uFmzuYhiBd82ctm8i9mPRevatL4=;
   b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj
     Zut8syylO1s4qASiqCWBaQ==;

I don't see a difference.

I'm sure this is probably minor, but with "tons" of fb notifications
coming into users' machines, short-circuiting redundant hash
verification probably has some merit.

How should it be handled?  Should logic be added to see if the bh= or
b= base64 hash was already processed?

I'd expect that short-circuiting the bh= calculation would save a lot
of work in the more typical case that the two signatures are by
different signers, so is worth doing.

Cheers,
    Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
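
An added example, not written by anyone in this thread and not taken from any DKIM implementation: one way a verifier could do the short-circuiting discussed above, skipping signatures whose tag lists are identical and caching the body hash on the values it depends on (hash algorithm, body canonicalization, l=). The function names, the sample body and the sample signatures are constructed for illustration; verifying b= against the signer's key is out of scope here.

```python
import base64, hashlib, re

ALLOWED = {"sha1", "sha256"}    # never pass an attacker-chosen name to hashlib.new()

def parse_tags(value):
    """Parse a DKIM-Signature tag list; whitespace inside values is folding, so drop it."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canon_body(body, mode):
    """Body canonicalization per RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if mode == "relaxed":
        lines = body.split(b"\r\n")
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines)
    body = body.rstrip(b"\r\n")             # drop trailing empty lines
    return body + b"\r\n" if body or mode == "simple" else body

def check_body_hashes(sig_values, body):
    """Return ([(d, s, bh_matches)], number of body hashes actually computed)."""
    cache, seen, results = {}, set(), []
    for value in sig_values:
        t = parse_tags(value)
        ident = tuple(sorted(t.items()))
        if ident in seen:                   # identical signature: the verdict cannot differ
            continue
        seen.add(ident)
        algo = t.get("a", "").rpartition("-")[2]        # "rsa-sha1" -> "sha1"
        if algo not in ALLOWED or not t.get("l", "0").isdigit():
            results.append((t.get("d"), t.get("s"), False))
            continue
        c = t.get("c", "simple/simple")
        mode = c.split("/")[1] if "/" in c else "simple"
        key = (algo, mode, t.get("l"))      # everything the body hash depends on
        if key not in cache:
            data = canon_body(body, mode)
            if "l" in t:
                data = data[:int(t["l"])]
            cache[key] = base64.b64encode(hashlib.new(algo, data).digest()).decode()
        results.append((t.get("d"), t.get("s"), cache[key] == t.get("bh")))
    return results, len(cache)

# Constructed sample: a body of blank lines; b= values are dummies and never checked.
BODY = b"\r\n\r\n"
_DUP = "v=1; a=rsa-sha1; d=example.com; s=sel1; c=relaxed/relaxed; bh=2jmj7l5rSw0yVb/vlWAYkK/YBwk=; b=AAAA"
SIGS = [_DUP, _DUP,
        "v=1; a=rsa-sha1; d=example.net; s=sel2; c=relaxed/relaxed; bh=2jmj7l5rSw0yVb/vlWAYkK/YBwk=; b=BBBB",
        "v=1; a=rsa-sha1; d=example.org; s=sel3; c=simple/simple; bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=; b=CCCC"]
```

With the four sample headers, three distinct signatures are checked and only two body hashes are computed: one for relaxed and one for simple canonicalization.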
