On 05/06/2010 09:32 AM, Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Ströder
Sent: Thursday, May 06, 2010 4:51 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] Clarification needed for "Computing the Message Hashes"
Hi!
I wondered about a sentence in section 3.7. of RFC 4871:
[..] The header field MUST be presented to
the hash algorithm after the body of the message rather than with the
rest of the header fields and [..]
http://www.dkim.org/specs/rfc4871-dkimbase.html#hashing
What does "the body of the message" mean exactly? The 1. body-hash or really
2. the whole message body (again)?
The more formal description implies 1.:
body-hash = hash-alg(canon_body)
header-hash = hash-alg(canon_header || DKIM-SIG)
signature = sig-alg(header-hash, key)
You're computing two hashes. The first is a hash over the signed header
fields (which gets stored in the "bh="), and the second is over the body
followed by the (incomplete) DKIM-Signature header field.
Did you write that correctly, Murray? The *body* hash gets stored into bh. I
think you mean
I'm trying to make sense of what you wrote, and I'm sort of not getting it
altogether.
But I think he's right: it's meaning number 1. bh= gets body-hash, header-hash
is the h= values, and DKIM-SIG is the to-be created signature header, minus the
value part of b=.
Mike
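The two-hash scheme from the formal description quoted in this thread, as an added example that is not part of the original messages. It assumes rsa-sha256 with simple/simple canonicalization; the function names, the sample message and the d=/s= values are constructed for illustration, and the final sig-alg step is left out.

```python
import base64
import hashlib

def canon_body_simple(body: bytes) -> bytes:
    # "simple" body canonicalization: drop trailing empty lines, end with one CRLF
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes) -> str:
    # body-hash = hash-alg(canon_body); the base64 of this goes into bh=
    return base64.b64encode(hashlib.sha256(canon_body_simple(body)).digest()).decode()

def header_hash_input(headers, body, signed=("from", "to", "subject")) -> bytes:
    # canon_header || DKIM-SIG, where DKIM-SIG carries bh= and an empty b=
    picked = []
    pool = list(headers)
    for name in signed:
        # each h= entry selects the last not-yet-used instance of that field
        for i in range(len(pool) - 1, -1, -1):
            if pool[i].split(b":", 1)[0].strip().lower() == name.encode():
                picked.append(pool.pop(i) + b"\r\n")
                break
    sig = ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; "
           "d=example.com; s=sel; h=%s; bh=%s; b="
           % (":".join(signed), body_hash(body))).encode()
    # the signature field itself is hashed last, without a trailing CRLF
    return b"".join(picked) + sig

def header_hash(headers, body, signed=("from", "to", "subject")) -> bytes:
    # header-hash = hash-alg(canon_header || DKIM-SIG); this is what sig-alg signs
    return hashlib.sha256(header_hash_input(headers, body, signed)).digest()

# Constructed sample message (not from the thread)
HEADERS = [
    b"Received: from mx.example.net by mail.example.com",
    b"From: alice@example.com",
    b"To: bob@example.org",
    b"Subject: hash order",
]
BODY = b"The body is hashed once.\r\n\r\n\r\n"

if __name__ == "__main__":
    print("bh =", body_hash(BODY))
    print("header-hash =", header_hash(HEADERS, BODY).hex())
```

The body bytes never enter the second hash directly; they are covered only through the bh= value inside the DKIM-Signature field.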