Re: Re: What the verifier can do

On Sun, 30 Apr 2006, Paul Hoffman wrote:

> At 8:49 AM -0400 4/30/06, Tony Hansen wrote:
> > Paul Hoffman wrote:
> >  > It is up to the verifier to decide how much effort after the first
> > >  attempt it wants to do. The cost to the verifier is a doing multiple
> > >  hashes, not doing multiple signature validations.
> >
> > Ummm, we don't currently run a hash of the headers, just the body.
>
> Umm, yes we do. See section 3.7:
>   In hash step 2, the signer or verifier MUST pass the following to the
>   hash algorithm in the indicated order.
>
> Digital signature algorithms almost always encrypt a hash of the data, not 
> the data itself, because the encryption and decryption steps are so 
> expensive.
>
> > We
> > currently do the signature validation based on the actual headers, the
> > body hash, and the dkim-signature. So doing such a verification *would*
> > require multiple signature validations.
>
> A verifier using heuristics (not specified in the spec) would do the 
> following:
>
> 1) Look at the hash in the signature.

If I understand technology correctly the DKIM indeed does not contain
full hash and only RSA1 signed version of that. Yes, that is unusual
as most signature protocols such as SMIME do contain the hash (and so
does META as it was designed to be more like header-based SMIME in the 
form and extendeability). So I obviously believe it is wrong that you 
chose such minimalistic approach - what you see  here (such as
inability to verify only hash) is just one of those consequences.

--
William Leibzon
Elan Networks
william@xxxxxxxx