[ietf-dkim] Interesting Dupe Signatures
hector
gmail.sant9442 at winserver.com
Sun Nov 1 19:44:06 PST 2009
John Levine wrote:
> Assuming you make the generally useful optimization to do
> the body hash only once, it's hard to see a significant
> load from an extra signature check.
+1.
But a body hash is calculated per signature because it might have a
different c14n parsing. So the ideal optimization would be to reduce
the body hashing to unique c= c14n types. Given a ridiculous multiple
signatures case:
DKIM-Signature: .... c=relaxed/relaxed; // dupe
DKIM-Signature: .... c=relaxed/relaxed; // dupe
DKIM-Signature: .... c=relaxed/relaxed; // dupe
DKIM-Signature: .... c=simple/relaxed; // other signer
DKIM-Signature: .... c=relaxed/relaxed; // other signer
A reduction consideration with body hash calculations per signature
c14n type has some merit when mail size is a consideration. In this
case, a minimum of two calculations are necessary.
--
HLS
More information about the ietf-dkim
mailing list