[ietf-dkim] Interesting Dupe Signatures
Murray S. Kucherawy
msk at cloudmark.com
Mon Nov 2 10:05:55 PST 2009
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-
> bounces at mipassoc.org] On Behalf Of hector
> Sent: Sunday, November 01, 2009 7:44 PM
> To: John Levine
> Cc: barryleiba at computer.org; ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] Interesting Dupe Signatures
>
> But a body hash is calculated per signature because it might have a
> different c14n parsing. So the ideal optimization would be to reduce
> the body hashing to unique c= c14n types. Given a ridiculous multiple
> signatures case:
>
> DKIM-Signature: .... c=relaxed/relaxed; // dupe
> DKIM-Signature: .... c=relaxed/relaxed; // dupe
> DKIM-Signature: .... c=relaxed/relaxed; // dupe
> DKIM-Signature: .... c=simple/relaxed; // other signer
> DKIM-Signature: .... c=relaxed/relaxed; // other signer
You need two header and one body canonicalizations in that example. And that presumes there's no "l=", which creates another dimension in the matrix of canonicalizations you need to run.
I've had a lot of success doing this sort of common factoring work in my implementation, though I sadly have no data about how much computation work it really saves.
More information about the ietf-dkim
mailing list