"william(at)elan.net" <[EMAIL PROTECTED]> writes:
> On Sun, 30 Apr 2006, Eric Rescorla wrote:
>
>> (2) You have a signature algorithm with message recovery
>> (meaning that you can extract the hash from the signature).
>> Again, this is only true of RSA.
>
> Doesn't that require public key to be able to get hash out of RSA
> signature (and in fact requires doing RSA crypto which is "expensive")?

Yes, you need the public key to do message recovery with RSA. And
yes, it's expensive to do the RSA crypto, but you would only need
to do it once--to extract the hash and then you can use the hash
from there on in.

> And isn't this system working only because you're basically using reverse
> of original RSA for purposes of digital signatures?

I'm not sure I'd call it "reverse of original RSA". Yes, this only
works because RSA allows message recovery. That's why I think it's
a bad design choice.

-Ekr
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
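
The message recovery discussed in this message, as an added example that is not part of the original email: one RSA public-key operation on a signature returns the padded block, and the hash is read out of it. PKCS#1 v1.5 padding with SHA-256 is an assumption (the message names no encoding), and the key, function names and sample input are constructed for illustration; the key is built from two Mersenne primes and is not secure.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes so the example is
# reproducible offline. A key like this must never be used for real signing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 as used by PKCS#1 v1.5 (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
HASH_LEN = 32


def _padded_head() -> bytes:
    """Everything in the encoded block that precedes the 32-byte hash."""
    pad_len = K - len(SHA256_PREFIX) - HASH_LEN - 3
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + SHA256_PREFIX


def sign(message: bytes) -> bytes:
    """Signer side: hash, pad, then apply the private exponent."""
    em = _padded_head() + hashlib.sha256(message).digest()
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def recover_hash(signature: bytes) -> bytes:
    """Verifier side: the single expensive public-key operation.

    Needs only (N, E). Returns the hash embedded in the signature, or
    raises ValueError if the recovered block is not correctly padded.
    """
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        raise ValueError("signature out of range")
    em = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole prefix, not just a few bytes, so a malformed
    # block is rejected instead of yielding an attacker-chosen hash.
    if em[:-HASH_LEN] != _padded_head():
        raise ValueError("bad padding")
    return em[-HASH_LEN:]


if __name__ == "__main__":
    msg = b"constructed sample message"
    recovered = recover_hash(sign(msg))   # done once
    print(recovered == hashlib.sha256(msg).digest())
```
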
