Re: DoS and Replay protection for message signatures

[Earl Hood <earl@xxxxxxxxxxxx>]

On August 5, 2005 at 09:02, Douglas Otis wrote:

> > You could potentially save even a little more if the data that
> > is signed is completely in the message headers.  For example, if
> > a separate hash of the body is computed and placed in the
> > DKIM-Signature field, the cryptographic signature would be limited
> > to header only data while still protected the integrity of the
> > body.
...
> > The separate hash of the body also allows for limited verification
> > of a message when the body data is not available.
> 
> This sounds like a good idea, but how would you sign the hash used to  
> develop the signature?

The hash is signed just regular data.  The hash would be the SHA-1
(or maybe other cryptographic hash algorithm) of the body base64
encoded.  This value is placed in DKIM-Signature for signing.

Meta-Signatures does something similiar.

> Perhaps as a diagnostic, a simple checksum of  
> the body could be placed within the signature to confirm the body has  
> been altered, and could be a reason the signature has failed.  I like  
> the idea of dropping the body hash into the signature header, but  
> this seems to demand two separate signatures and this would be bad.

Nope.  Only one signature is done.  I can elaborate more if you
require.

--ewh