-----Original Message-----
From: mail-vet-discuss-bounces(_at_)mipassoc(_dot_)org
[mailto:mail-vet-discuss-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Victor Duchovni
Sent: Wednesday, March 24, 2010 4:45 PM
To: mail-vet-discuss(_at_)mipassoc(_dot_)org
Subject: Re: [mail-vet-discuss] Proposed "header.b" tag for DKIM
signatures
Well, since birthday attacks are not a concern here, 64-bits of
signature
should have very low collision probability, provided the bits are not
primarily ASN.1 scaffolding, rather than the actual signature. I would
look for ~96 bits, and look into the question of how many of those
first
few bytes are unpredictable signature vs. fixed ASN.1 glue.
Thanks, that's something I hadn't considered. I'm at the IETF now and I'll try
to bounce this issue off a few security types to be sure.
In the interim, this URL about RSA seems to suggest that the output of their
signing function is entirely random, so there should be little concern about
leading ASN.1 structure:
http://www.di-mgt.com.au/rsa_alg.html#encryptpkcs1
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html