ietf-dkim

Re: [ietf-dkim] Clarification needed for "Computing the Message Hashes"

2010-05-06 11:51:27
On 05/06/2010 09:32 AM, Murray S. Kucherawy wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Michael Ströder
Sent: Thursday, May 06, 2010 4:51 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] Clarification needed for "Computing the Message Hashes"

HI!

I wondered about a sentence in section 3.7. of RFC 4871:

    [..] The header field MUST be presented to
    the hash algorithm after the body of the message rather than with the
    rest of the header fields and [..]

http://www.dkim.org/specs/rfc4871-dkimbase.html#hashing

What does "the body of the message" mean exactly? The 1. body-hash or really
2. the whole message body (again)?

The more formal description implies 1.:

     body-hash = hash-alg(canon_body)
     header-hash = hash-alg(canon_header || DKIM-SIG)
     signature = sig-alg(header-hash, key)

You're computing two hashes.  The first is a hash over the signed header 
fields (which gets stored in the "bh="), and the second is over the body 
followed by the (incomplete) DKIM-Signature header field.

Did you write that correctly, Murray? The *body* hash gets stored into bh. I 
think you mean

I'm trying to make sense of what you wrote, and I'm sort of not getting it 
altogether.

But I think he's right: it's meaning number 1. bh= gets body-hash, header-hash 
is the h= values, and DKIM-SIG is the to-be created signature header, minus the 
value part of b=.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
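
The two-hash computation as read in the reply above (meaning number 1), as an added example that is not part of the original thread. It assumes simple/simple canonicalization, SHA-256, and one instance of each signed header field; the message, the domain example.org, the selector sel and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def canon_body_simple(body: bytes) -> bytes:
    # "simple" body canonicalization: drop trailing empty lines, end with one CRLF.
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    return body if body.endswith(CRLF) else body + CRLF

def body_hash(body: bytes) -> str:
    # body-hash = hash-alg(canon_body); the base64 of this goes into bh=.
    return base64.b64encode(hashlib.sha256(canon_body_simple(body)).digest()).decode()

def strip_b_value(sig_header: bytes) -> bytes:
    # Empty the value of b= (never bh=) and drop the trailing CRLF.
    emptied = re.sub(rb"(^|[;\s])b=[^;]*", rb"\g<1>b=", sig_header)
    return emptied.rstrip(CRLF)

def header_hash(headers: dict, h_names: list, sig_header: bytes) -> bytes:
    # header-hash = hash-alg(canon_header || DKIM-SIG); the body is not fed in again.
    data = b"".join(headers[name.lower()] for name in h_names)
    return hashlib.sha256(data + strip_b_value(sig_header)).digest()

def build(headers: dict, body: bytes, h_names: list):
    # Assumption: simple/simple, one instance of each signed field.
    bh = body_hash(body)
    sig = ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.org; "
           "s=sel; h=%s; bh=%s; b=\r\n" % (":".join(h_names), bh)).encode()
    return bh, sig, header_hash(headers, h_names, sig)

# Constructed sample message (not from the thread).
HEADERS = {"from": b"From: alice@example.org\r\n", "subject": b"Subject: test\r\n"}
BODY = b"Hello\r\n\r\n\r\n"

if __name__ == "__main__":
    bh, sig, hh = build(HEADERS, BODY, ["from", "subject"])
    print("bh=" + bh)
    print("header-hash (input to sig-alg):", hh.hex())
```

The body reaches the signature only through bh=, so a changed body changes the header hash, while whatever already sits in b= does not.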