On Thu, Mar 6, 2025 at 1:36 PM Michael Thomas <[email protected]> wrote:
> On 3/6/25 1:22 PM, John Levine wrote: > > It would be reasonable to design DKIM2 to make signing multiple messages > fast, > > e.g., if messages only have different headers, reuse the body hash. But > that's > > just an optimization. > > I think this appeal to "efficiency" is something of a red herring. I was > pretty concerned back in the day that the cost of RSA operations would > be significant, but it turns out that they weren't. That was 20 years > ago and lots of Ticks and Tocks have happened in the mean time. This is > especially true if you're doing spam filtering which is expensive and > ought to be done both sending and receiving. > > But I looked at this message's source and it has 4 signatures from > google: 2 ARC signatures, 1 DKIM, and one Google DKIM signature which I > have no idea what it is. Gmail is probably the largest mailbox provider > in the world and they didn't seem to be too resistant to running > experiments that incur RSA signing operations. > I mean, it is provably more efficient to avoid doing unnecessary hashes, but I don't think in this context that the win is significant even at a large operator. My own open source implementation provides no provision at all for reusing a body hash across many signatures, and nobody ever identified it as something that was sorely needed. -MSK
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
