On 3/6/25 2:27 PM, Murray S. Kucherawy wrote:
> On Thu, Mar 6, 2025 at 1:36 PM Michael Thomas <[email protected]> wrote:
>> On 3/6/25 1:22 PM, John Levine wrote:
>>> It would be reasonable to design DKIM2 to make signing multiple
>>> messages fast, e.g., if messages only have different headers, reuse
>>> the body hash. But that's just an optimization.
>>
>> I think this appeal to "efficiency" is something of a red herring. I
>> was pretty concerned back in the day that the cost of RSA operations
>> would be significant, but it turns out that they weren't. That was 20
>> years ago and lots of Ticks and Tocks have happened in the meantime.
>> This is especially true if you're doing spam filtering which is
>> expensive and ought to be done both sending and receiving.
>>
>> But I looked at this message's source and it has 4 signatures from
>> Google: 2 ARC signatures, 1 DKIM, and one Google DKIM signature which
>> I have no idea what it is. Gmail is probably the largest mailbox
>> provider in the world and they didn't seem to be too resistant to
>> running experiments that incur RSA signing operations.
>
> I mean, it is provably more efficient to avoid doing unnecessary
> hashes, but I don't think in this context that the win is significant
> even at a large operator. My own open source implementation provides
> no provision at all for reusing a body hash across many signatures,
> and nobody ever identified it as something that was sorely needed.

Yeah, I think the right thing to do here is to just drop the line of
reasoning about efficiency altogether. Operators are going to implement
this or not and the potential minuscule additional overhead is not going
to be a deciding factor, imo.
Mike
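
The body-hash reuse discussed in this thread, as an added example that is not part of the original messages or of any implementation mentioned in them: the `bh=` value depends only on the canonicalized body, so a sender fanning one body out under different headers can compute it once. It assumes RFC 6376 "relaxed" body canonicalization with SHA-256 and no `l=` tag; `fan_out`, `example.com` and `sel1` are hypothetical names, the sample message is constructed, and the per-message header hash and RSA signature (`b=`) are left out because they cannot be shared.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of SP/HTAB to a single SP, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    # Every remaining line ends in CRLF; an empty body stays zero-length.
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """Value of the bh= tag for a=rsa-sha256 with relaxed body canonicalization."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def fan_out(body, header_sets, domain="example.com", selector="sel1"):
    """Build one unsigned DKIM-Signature value per header set, hashing the body once.

    The header hash and the RSA signature still have to be computed per
    message, because each message's headers differ.
    """
    bh = body_hash(body)  # the only body hash computed for the whole fan-out
    values = []
    for headers in header_sets:
        h = ":".join(name.lower() for name, _ in headers)
        values.append(
            f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; "
            f"s={selector}; h={h}; bh={bh}; b="
        )
    return values


# Constructed sample: one body, two recipients with different headers.
BODY = b"Hello  list,\t \r\nsee  you.\r\n\r\n\r\n"
HEADERS = [
    [("From", "list@example.com"), ("To", "alice@example.net"), ("Subject", "hi")],
    [("From", "list@example.com"), ("To", "bob@example.org"), ("Subject", "hi"),
     ("List-Unsubscribe", "<mailto:leave@example.com>")],
]

if __name__ == "__main__":
    for value in fan_out(BODY, HEADERS):
        print("DKIM-Signature:", value)
```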