spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Attacking Domain Keys

2004-11-30 12:56:11
from [Seth Goodman] [Permanent Link] 
From: Hallam-Baker, Phillip
Sent: Tuesday, November 30, 2004 11:38 AM




[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
Seth Goodman



As is the implementation of any other algorithm.  RSA signature
validation is a very CPU-intensive algorithm that

unfairly burdens

the recipient. HMAC-SHA1 signatures are much faster, and you can
optimize both to your heart's content and still come up with the
same result.


How do trolls perform the necessary key distribution?




I was not suggesting using an HMAC in DK or any other PK


Oh yes you were, see your original post.


Give it up Phillip.  You misread the post, failed to read hundreds of posts
in this forum and the SES forum and you are dead wrong.  Now please stop
calling me a troll for disagreeing with you.





scheme, nor have I ever.  As you are undoubtedly aware, there
are other signature schemes besides public key cryptography.


I am aware of a great many signature schemes, with the exception
of digest/MAC based schemes all are based on mathematics that are at least
as complex as public key.


HMAC-SHA1 is a form of MAC, as I'm sure you'll agree.  SES uses HMAC-SHA1
signatures and SHA-1 digests, so it seems to meet your exception.
Apparently, it is possible to have a signature scheme that is less complex
and costly than RSA.




The eliptic curve variations of RSA offer a marginal speed improvement but
only if you believe certain claims as to the difficulty of performing
certain operations in a field that is considerably less well
understood than discrete math.


As is plain from reading my other posts, I was not referring to small
improvements in RSA, but not using PK cryptography at all.





Some of them don't require key distribution at all.  We have
discussed it for a long time but I suppose you missed it.
Please read the archives.


Ah reference to non-existent/ambiguous citation, a favorite tactic of
trolls.

You made the assertion, the onus is on you to back up your claim.


Non-existent?  SPF-Discuss has archives and so does SES-Devel.  Read the
archives, search under my name and SES and please stop the name-calling.

--

Seth Goodman
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Objections TO VOTE FOR THE SPF COUNCIL, Ralf Doeblitz
Next by Date:  RE: Role for the new council??, Andy Bakun
Previous by Thread:  RE: Attacking Domain Keys, Hallam-Baker, Phillip
Next by Thread:  RE: Attacking Domain Keys, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]