Following up on prior discussion, I'd like to start working on some formal
wording for a fingerprint tag. This will be used to describe the results of
verifying a message with multiple signatures present, so that the receiver can
match up each result to its respective signature even if there's
Since fingerprints have specific meaning in cryptography, can you
change the name to something like "Unique Signature ID" (i.e. "u"
although personally I like "u"s for URLs).
How you planning to make reference to specific header field by using
this tag? Are these going to be similar tricks to wh
On Apr 12, 2006, at 12:56 PM, Murray S. Kucherawy wrote:
If the "f=" tag is absent, a verifier can infer its value by using
the first four bytes of the actual (i.e. base64-decoded) "bh" tag's
value when describing its results to receivers. However, since the
base64-decoded version of the
william(at)elan.net wrote:
Since fingerprints have specific meaning in cryptography, can you
change the name to something like "Unique Signature ID" (i.e. "u"
although personally I like "u"s for URLs).
Fine by me. How about "sid" for Signature ID?
How you planning to make reference to specif
Douglas Otis wrote:
Verification results based upon an added header might be spoofed when
an MTAs is not configured to remove them. In addition, these headers
will not be reliably present until universally adopted, perhaps many
years from now. While the header might be removed normally,
Murray --
It sounds like what you really want to do is to cause b= to be unique. That
could be accomplished by just adding some hash-collision resistant number
of random bytes. Or you could use those random bytes directly, I suppose.
Mike
Murray S. Kucherawy wrote:
Douglas Otis wrote:
Hi Murray,
What would be wrong with the option of using the first N bytes of the
actual signature value?
If that were ok (and I've no idea really), then presumably the shortest
N that disambiguates the signatures could be used.
But its not entirely clear to me who's putting this value where, w
On Wed, Apr 12, 2006 at 11:00:37PM +0100, Stephen Farrell allegedly wrote:
>
> Hi Murray,
>
> What would be wrong with the option of using the first N bytes of the
> actual signature value?
>
> If that were ok (and I've no idea really), then presumably the shortest
> N that disambiguates the sig
Michael Thomas wrote:
It sounds like what you really want to do is to cause b= to be unique. That
could be accomplished by just adding some hash-collision resistant number
of random bytes. Or you could use those random bytes directly, I suppose.
It may in fact be completely sufficient for the s
Murray S. Kucherawy wrote:
> william(at)elan.net wrote:
>> Since fingerprints have specific meaning in cryptography, can you
>> change the name to something like "Unique Signature ID" (i.e. "u"
>> although personally I like "u"s for URLs).
>
> Fine by me. How about "sid" for Signature ID?
Likely t
Lets not get into cellular mapping id's (SID)
-Original Message-
From: [EMAIL PROTECTED] on behalf of Jim Fenton
Sent: Wed 4/12/2006 8:00 PM
To: Murray S. Kucherawy
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Proposed fingerprint tag description
Murray S. Kucherawy
> william(at)elan.net wrote:
> > Since fingerprints have specific meaning in cryptography, can you
> > change the name to something like "Unique Signature ID" (i.e. "u"
> > although personally I like "u"s for URLs).
>
> Fine by me. How about "sid" for Signature ID?
Microsoft will love that :)
12 matches
Mail list logo
