Paul Hoffman <[EMAIL PROTECTED]> writes:

> At 11:22 AM -0700 4/30/06, Eric Rescorla wrote:
>>Yes, but it's a bad idea to design systems assuming that's going
>>to be the only algorithm you ever use.
>
> We are explicitly *not* designing this system to use heuristics that
> would cause multiple rounds. My assertion is that if an implementation
> wants to do it, it can. Along with that assertion is the fact that,
> with all the algorithms defined in the document and the assumption
> that we are unlikely to change them except in a cryptographic
> emergency, the expensive operations (asymmetric signing and verifying)
> only need to happen once.
>
>>Sure, but what happens when you want to use ECDSA because you're
>>worried about key size constraints?
>
> Then you decide if your actions that go beyond the spec are worth it
> for you in terms of effort.

Better to design a system that doesn't require people to make that
kind of tradeoff. In this case, that could be easily done by
including a copy of the unsigned digest along with the signature.

-Ekr

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
