From: Brad Templeton (brad@templetons.com)
Date: Thu Jun 03 1999 - 13:30:07 CDT
On Thu, Jun 03, 1999 at 08:09:25PM +0200, Brad Knowles wrote:
> At 10:26 AM -0700 6/3/99, Brad Templeton wrote:
> Pure hashing of the body-exactly-as-is is not particularly
> complex, but once you start getting into reordering of headers,
> unfolding/refolding of lines, and other canonicalization steps, then
> you start getting into operations that are sufficiently complex that
> I think they would be on par with doing MIME bodypart parsing.
They are complex, and I don't recommend them either. Though I think
parsing of the full MIME-tree is worse. However, the main problem is
that the headers, in a multipart/signed, would be at the *bottom*,
forcing you to read the entire article just to see what the Newsgroups
are.
It goes against the whole concept of header and body. Mail's
multipart/signed was never intended to sign headers, which frankly
astounds me, because the first thing I would want to verify about e-mail
is not that the body is valid (though of course I want that) it's that
the From: line is correct.
They didn't even support having more than 2 parts in a multipart/signed.
They had their hearts somewhat in the right place but still did a design
that doesn't meet the goals of mail, let alone news.
You could gateway news with "headers in the body" into mail but no mail
system would have any understanding of it.
> Has anybody actually looked at the kind of time it would take to
> calculate an MD-5 or SHA-1 hash of the message body and then do the
> cryptographic calculations to verify whether or not it has had any
> changes made to it, and then to compare those operations to the cost
> of typical MIME bodypart parsing?
The cost of the hashing is fairly small. It's not the CPU cost of the
hashing or mime parsing that I would object to. It's a violation of
the header-body concept that is the problem.
I thought you wanted to stop talking about this?