On Wed, Mar 24, 2010 at 02:37:43PM -0700, Murray S. Kucherawy wrote:
first several characters of the actual digital signature, which is
pretty much guaranteed to be unique among signatures present. This will
allow unambiguous matching of signatures with results.
I sense some conflict between "pretty much guaranteed" and
"unambiguous".
How many signature bytes are you proposing to use?
The spec says a minimum of eight, but enough to be able to be
unambiguous. A few security types around the IETF I've polled about
this seem to think that's adequate.
Do you have another suggestion?
Well, since birthday attacks are not a concern here, 64-bits of signature
should have very low collision probability, provided the bits are not
primarily ASN.1 scaffolding, rather than the actual signature. I would
look for ~96 bits, and look into the question of how many of those first
few bytes are unpredictable signature vs. fixed ASN.1 glue.
--
Viktor.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html