[ietf-dkim] 1193 considered harmful
Barry Leiba
leiba at watson.ibm.com
Tue Mar 21 13:16:20 PST 2006
>>>> Third, as was pointed out, a sender could hash a large body once and
>>>> send it multiple times, possibly saving a lot of time/effort.
>
> I'm sort of missing why this is an interesting feature. Reusing the
> hash of the body would only help if you were generating multiple
> signatures.
Or using the same body in multiple messages. Suppose "Company I", say,
is sending a (legitimate, opted-into) mass-mailing of a 70 MB video file
to, say, 200,000 opted-in recipients. Suppose also that for some reason
it has to batch these with different headers, so it can't just sign the
whole message once. Saving the work of hashing that 70 MB video
multiple times would be nice.
I don't consider this a compelling reason (because I think most of these
cases could -- and would -- just send identical messages, and could just
hash once in either case)... it's just another reason beyond the others,
which I do find compelling.
> I suspect that the RSA signing operation overwhelms the
> SHAx cost by a very good bit on your average size of body.
But that doesn't matter, because we're not RSA-signing the body, only
the hash. So it's only the overhead of the hashing that matters.
Barry
--
Barry Leiba, Pervasive Computing Technology (leiba at watson.ibm.com)
http://www.research.ibm.com/people/l/leiba
http://www.research.ibm.com/spam
More information about the ietf-dkim
mailing list