[mail-vet-discuss] Proposed "header.b" tag for DKIM signatures

Murray S. Kucherawy msk at cloudmark.com
Wed Mar 24 17:04:02 PDT 2010


> -----Original Message-----
> From: mail-vet-discuss-bounces at mipassoc.org [mailto:mail-vet-discuss-
> bounces at mipassoc.org] On Behalf Of Victor Duchovni
> Sent: Wednesday, March 24, 2010 4:45 PM
> To: mail-vet-discuss at mipassoc.org
> Subject: Re: [mail-vet-discuss] Proposed "header.b" tag for DKIM
> signatures
> 
> Well, since birthday attacks are not a concern here, 64-bits of
> signature
> should have very low collision probability, provided the bits are not
> primarily ASN.1 scaffolding, rather than the actual signature. I would
> look for ~96 bits, and look into the question of how many of those
> first
> few bytes are unpredictable signature vs. fixed ASN.1 glue.

Thanks, that's something I hadn't considered.  I'm at the IETF now and I'll try to bounce this issue off a few security types to be sure.

In the interim, this URL about RSA seems to suggest that the output of their signing function is entirely random, so there should be little concern about leading ASN.1 structure:

http://www.di-mgt.com.au/rsa_alg.html#encryptpkcs1



More information about the mail-vet-discuss mailing list