In <20040217145555(_dot_)GB1710(_at_)uk(_dot_)tiscali(_dot_)com> Brian Candler
<B(_dot_)Candler(_at_)pobox(_dot_)com> writes:
There was some discussion about the length of SRS-encoded return addresses,
even suggesting using base64 rather than base36 to minimise them,
introducing possible problems with case-sensitivity.
It appears that base64 is going to happen because Shevek says "it
takes too many lines of code" to do base36.
(1) In the simplest case: you rotate your signing secret every day (e.g. by
appending utime/86400 to it). Then if you want to check that a message is
valid up to 7 days old, you just check the hash against the last 7 days'
secrets.
This has also been suggested (and argued strongly for). Shevek has
rejected it because it "is inelegant."
(2) As an optimisation: you can include say the low 4 bits of the day value
in the signature.
Actually, there have been quite a few variations on the suggestion of
using the time as a salt to the secret key. The one I like best is to
use a single base36 letter to encode the day-of-month.
i.e.
[ a dozen lines of code deleted]
I'm sorry, but a dozen lines of code is simply not worth the
programming time, according to Shevek.
-wayne
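
The two schemes quoted in the message above, sketched as an added example (not code from this thread or from any SRS implementation): (1) a secret salted with the day number and checked against the last 7 days, and (2) the same with the low 4 bits of the day carried in the signature so only one hash is computed. HMAC-SHA256, the 8-hex-character truncation, the function names and the sample inputs are assumptions.

```python
import hashlib
import hmac

DAY = 86400        # seconds per day, as in "utime/86400"
MAX_AGE_DAYS = 7   # validity window used in the message
TAG_HEX = 8        # assumed tag truncation, to keep addresses short
HEX = "0123456789abcdef"

def day_tag(secret: bytes, day: int, data: str) -> str:
    """MAC of data under the secret with the day number appended."""
    key = secret + str(day).encode()
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()[:TAG_HEX]

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time

# Scheme (1): no day in the address; verifier tries each day in the window.
def sign_simple(secret: bytes, data: str, now: int) -> str:
    return day_tag(secret, now // DAY, data)

def verify_simple(secret: bytes, data: str, tag: str, now: int) -> bool:
    today = now // DAY
    return any([_same(day_tag(secret, today - age, data), tag)
                for age in range(MAX_AGE_DAYS)])

# Scheme (2): one hex char carries the low 4 bits of the day, so the
# verifier recovers the signing day and computes a single hash.
def sign_hinted(secret: bytes, data: str, now: int) -> str:
    day = now // DAY
    return HEX[day & 0xF] + day_tag(secret, day, data)

def verify_hinted(secret: bytes, data: str, token: str, now: int) -> bool:
    if len(token) != 1 + TAG_HEX:
        return False
    hint = HEX.find(token[0])
    if hint < 0:
        return False
    today = now // DAY
    age = (today - hint) & 0xF      # 0..15, unambiguous within 16 days
    if age >= MAX_AGE_DAYS:         # too old, or stamped in the future
        return False
    # The full day is in the key, so a wrapped or altered hint fails the MAC.
    return _same(day_tag(secret, today - age, data), token[1:])
```

Because the day number is part of the key in both schemes, an address signed 16 days ago shares a hint with today's but still fails verification.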