[ietf-dkim] Body hash is not an optimization
Douglas Otis
dotis at mail-abuse.org
Tue Oct 18 09:22:22 PDT 2005

On Oct 17, 2005, at 10:46 PM, Mark Delany wrote:

> On Mon, Oct 17, 2005 at 09:58:03PM -0700, Douglas Otis allegedly wrote:
>
>> Much more can be done in the area of diagnostics. Capturing the body
>> hash would be useful and not add substantially to the overall
>> overhead. As Earl points out, it also allows the disposition of the
>> signature to be determined ahead of the data phase completing.
>
> IOW, a body hash optimizes that rare bird - a third-party signer who
> knows they don't munge, who cares enough to claim responsibility, but
> doesn't care enough to ensure that their responsibility claim is truly
> valid. I'm at a loss - why are these signers important enough to
> optimize?

Notice that the argument is not about a reduction in performance, rather
that it only helps a little. If the third-party signer tracks verified
signatures, then directly using the hash on that basis should not be
a problem. In essence, the hash had already been checked and would
have some benefit for messages larger than 50KB.

Having the body hash within the signature would indicate whether
something was munged in the message body. When the body hash
verifies, but then the signature still fails, this would be a more
serious matter, and draw attention to the headers or perhaps key
tampering. Such a division would permit simpler added diagnostics,
as these could be primarily focused upon the headers. Being able to
know when something of a more serious nature is happening would be
beneficial.

-Doug
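
The diagnostic split described in the message above, as an added example that is not part of the original post or of any DKIM implementation: a verifier that checks the body hash and the header signature separately and reports which one failed. Assumptions: HMAC-SHA256 stands in for the signer's public-key signature so the block runs on the standard library alone, the canonicalization is simplified, and all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac

def canon_body(body: bytes) -> bytes:
    """Simplified body canonicalization: drop trailing empty lines, end with one CRLF."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body)).digest()).decode()

def signed_data(headers, bh: str) -> bytes:
    # The signature covers the selected headers plus the body hash value itself,
    # so it can be checked without reading the body.
    lines = [f"{name.lower()}:{value.strip()}" for name, value in headers]
    return "\r\n".join(lines + [f"bh={bh}"]).encode()

def mac(key: bytes, data: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the signer's public-key signature.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign(headers, body: bytes, key: bytes) -> dict:
    bh = body_hash(body)
    return {"bh": bh, "b": mac(key, signed_data(headers, bh))}

def triage(headers, body: bytes, sig: dict, key: bytes) -> str:
    """Classify a verification result by which of the two checks failed."""
    body_ok = hmac.compare_digest(body_hash(body), sig["bh"])
    sig_ok = hmac.compare_digest(mac(key, signed_data(headers, sig["bh"])), sig["b"])
    if body_ok and sig_ok:
        return "pass"
    if sig_ok:
        return "body-modified"                 # e.g. a footer appended in transit
    if body_ok:
        return "body-intact-signature-failed"  # look at the headers or the key
    return "body-and-signature-failed"

if __name__ == "__main__":
    # Constructed sample message, not taken from the thread.
    key = b"constructed-demo-key"
    headers = [("From", "alice@example.org"), ("Subject", "status")]
    body = b"All systems nominal.\r\n"
    sig = sign(headers, body, key)
    print(triage(headers, body, sig, key))
    print(triage(headers, body + b"-- \r\nlist footer\r\n", sig, key))
    print(triage([("From", "alice@example.org"), ("Subject", "urgent")], body, sig, key))
```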