[dkim-dev] ATPS v01 - Hash Length

Hector Santos hsantos at santronics.com
Thu Sep 30 12:16:54 PDT 2010


Hector Santos wrote:
> But what if we allow ATPS for a wild card hash?
> 
> RRYSFVSSZN56ELIZQ3Y7GCYH7VIQRWOA._atps  TXT ("v=atps01; d=*.example.com;")

Btw, I was exploring this sub-domain wildcard idea and for the 
specific domain:

    *.winserver.com

I was getting a short BASE32(SHA1("*.winserver.com")) result and 
depending on what base32 encoding function is used, you can get "=" padding.

  2VGN3G3GATAIHHTMGWPQ====._atps  TXT ("v=atps01; d=*.winserver.com;")

shorter than 32.  I checked this with various base32(sha1()) library 
methods. All produce the same result.

Without the *. subdomain prefix, you get:

  JCHJYKXMWKNBYFGE2BG4TD6ADD264OLH._atps  TXT ("v=atps01; d=winserver.com;")

and other wild card hashing does this show this hashing behavior:

JEDGYSVHEMSBM3UKHZWRKOIKTIIULR3I._atps  TXT ("v=atps01; d=*.santronics.com;")
3LZJLXW37GAOBEWLNDWERVOC6SY5VTUI._atps  TXT ("v=atps01; d=*.isdg.net;")

I am not sure if this shows there could be collisions with the 
base32(sha1()) algorithm or that you were always expecting a uniform 
32 character hash result.

-- 
Sincerely

Hector Santos
http://www.santronics.com
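
Added example, not part of the original post: a Python check that BASE32 over a full 20-byte SHA-1 digest is always 32 characters with no "=" padding, and that the padded label quoted above decodes to 12 bytes. The NUL-truncation case uses a constructed buffer and is only one assumed way a digest could be shortened before encoding; all function names are hypothetical.

```python
import base64
import hashlib

SHA1_LEN = 20         # a SHA-1 digest is always 20 bytes (160 bits)
FULL_LABEL_LEN = 32   # 160 bits / 5 bits per base32 character, no padding


def b32(buf: bytes) -> str:
    return base64.b32encode(buf).decode("ascii")


def atps_label(domain: str) -> str:
    """BASE32(SHA1(domain)) computed over the full binary digest."""
    return b32(hashlib.sha1(domain.encode("ascii")).digest())


def c_string_view(buf: bytes) -> bytes:
    """What a strlen()-style API would see: the bytes before the first NUL."""
    return buf.split(b"\x00", 1)[0]


def inspect_label(label: str, domain: str) -> dict:
    """Decode a published label and compare it with the digest of `domain`."""
    raw = base64.b32decode(label)
    digest = hashlib.sha1(domain.encode("ascii")).digest()
    is_prefix = digest.startswith(raw)
    return {
        "decoded_bytes": len(raw),
        "full_length": len(raw) == SHA1_LEN and len(label) == FULL_LABEL_LEN,
        "prefix_of_digest": is_prefix,
        # Digest byte right after the cut, if the label is a shortened prefix.
        "next_digest_byte": digest[len(raw)]
        if is_prefix and len(raw) < SHA1_LEN else None,
    }


# Label and domain as quoted in the post.
POST_LABEL = "2VGN3G3GATAIHHTMGWPQ===="
POST_DOMAIN = "*.winserver.com"

# Constructed 20-byte buffer with a NUL at offset 12 (not a real digest).
CONSTRUCTED = bytes(range(1, 13)) + b"\x00" + bytes(range(14, 21))

if __name__ == "__main__":
    full = atps_label(POST_DOMAIN)
    print(full, len(full))
    print(inspect_label(POST_LABEL, POST_DOMAIN))
    print(b32(c_string_view(CONSTRUCTED)))  # 24 characters, ends in "===="
```

A label validator can reject anything that is not exactly 32 base32 characters or that contains "=", since neither can come from a complete SHA-1 digest.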