[ietf-dkim] 1193 considered harmful

Douglas Otis dotis at mail-abuse.org
Tue Mar 21 14:39:22 PST 2006


On Mar 21, 2006, at 3:36 PM, Michael Thomas wrote:
>
> But you'd assumedly need a new RSA signature per message in order
> for this to make any sense. To be pedantic:
>
> CostRSAsign = 1
> CostSHAx    = .1
>
> For message one, cost = 1.1, for message 2-n, cost = 1.0/msg -- big  
> whoop. These aren't accurate, just illustrative.

For SHA-1, a rough estimate of the overhead seems to suggest the hash  
is predominant at about 100KB messages.  With SHA-256 this crossover  
might become 50KB.  It does suggest that distributing larger messages  
will increase overhead by a factor of recipients without a means to  
mitigate the HASH algorithm for larger messages.

In terms of adding a new header at subsequent stages, this parameter  
remaining unchanged in a new signature to encompass the new header  
also shows that the body of the message is not being changed.  If one  
signature fails due to the HASH not matching, it can be assumed all  
signatures will fail due to a change that has been made in the  
message body.  This change may help facilitate processing signatures  
that wish to securely add information to the message.  Rather than  
causing a cascade of failures being processed, this effort can be  
quickly short-circuited.  When the HASH in each signature is  
different, then looking for a signature with a matching HASH also  
short-circuits the discovery effort which also reduces the work  
caused when multiple signatures are allowed to exist within a message.

-Doug
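
The short-circuit described in this message, as an added sketch that is not part of the original post: the body is hashed once per algorithm, and only signatures whose claimed body hash matches would go on to RSA verification. It assumes the hash travels in a `bh=` tag of each signature header (as later standardized in RFC 6376), handles only "simple" body canonicalization, and ignores `l=`; the domains, messages and `b=` values are constructed.

```python
import base64
import hashlib

HASHES = {"rsa-sha1": hashlib.sha1, "rsa-sha256": hashlib.sha256}

def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, keep one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(algo: str, body: bytes) -> str:
    return base64.b64encode(HASHES[algo](canon_body_simple(body)).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split 'k=v; k=v' into a dict, removing whitespace inside values."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def triage(body: bytes, sig_headers: list) -> tuple:
    """Return (candidates, skipped, hashes_computed) without any RSA work."""
    cache = {}  # algorithm -> body hash, computed at most once per message
    candidates, skipped = [], []
    for value in sig_headers:
        tags = parse_tags(value)
        algo, claimed = tags.get("a"), tags.get("bh")
        if algo not in HASHES or claimed is None:
            skipped.append(tags.get("d"))
            continue
        if algo not in cache:
            cache[algo] = body_hash(algo, body)
        (candidates if claimed == cache[algo] else skipped).append(tags.get("d"))
    return candidates, skipped, len(cache)

# Constructed sample: a list appends a footer, so only its own bh= still matches.
ORIGINAL = b"Hello list,\r\nbody text.\r\n"
MODIFIED = ORIGINAL + b"-- \r\nlist footer\r\n"
SIGS = [  # b= values are placeholders; RSA verification is out of scope here
    f"a=rsa-sha256; d=author.example; bh={body_hash('rsa-sha256', ORIGINAL)}; b=PLACEHOLDER",
    f"a=rsa-sha256; d=relay.example; bh={body_hash('rsa-sha256', ORIGINAL)}; b=PLACEHOLDER",
    f"a=rsa-sha256; d=list.example; bh={body_hash('rsa-sha256', MODIFIED)}; b=PLACEHOLDER",
]

if __name__ == "__main__":
    print(triage(MODIFIED, SIGS))
```

A signature that lands in the skipped list has already failed on the body, so the header hash and the RSA operation for it never need to run.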



