Nice code, now during your testing how many messages (average message size today 3k) per second were you able to process and on what machine. I need something that can do about 1200 messages per second per second. Thanks,
Bill Oxley Messaging Engineer Cox Communications 404-847-6397 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Lindsey Sent: Wednesday, December 06, 2006 8:13 AM To: DKIM Subject: Re: Fwd: Re: [ietf-dkim] Introducing myself On Mon, 06 Nov 2006 10:47:45 -0000, Charles Lindsey <[EMAIL PROTECTED]> wrote: > On Sat, 04 Nov 2006 02:03:38 -0000, John Levine <[EMAIL PROTECTED]> wrote: That was quite some time ago, so to refresh your memories, I had been claiming that DKIM-base would fail to verify if some message had its Content-Transfer-Encoding changed en route, and that it proposed to get around this by saying that all messages SHOULD be sent as 7bit, or encoded into 7bit. In these days when 8BITMIME is now almost universally supported and widely used (with BINARYMIME coming along as well), that seemed to be a very backward step. So I proposed a canonicalization that would reverse all those encodings before hashing. >> You can sign whatever you want, but if the message is 7bit, your >> signature is more likely to survive transit to the verifier. But of course I don't want them to be "likely to survive". I want a system that is robust enough that they "always survive". > >> DKIM doesn't understand MIME. If DKIM signers and verifiers had to >> unpack MIME parts they would be orders of magnitude more complicated. >> In practice, I think that nearly everyone uses the simple body canon >> anyway. > > Not at all. Going through the MIME structure of a message body and > undoing > all Q-P or Bas64 encodings is fairly straightforward, and if you hash and > sign the result of doing that, then it is guaranteed to pass straight > through all those systems which (quite legitimately under RFC 1652) > re-encode stuff en route, without breaking the signature. I shall try to > write a demonstration implementation in the next day or so, and it > certainly won't be "orders of magnitude more complicated". So it was an issue of whether such a canonicalization really would be "orders of magnitude more complicated". Anyway, I have been working off and on on this since then, and I have written a demonstration implementation, as promised, of what it would take, which you can find at <http://www.cs.man.ac.uk/~chl/uncode/uncode.html>. It is less that 140 lines of Perl (excluding comments and empty lines). Hardly any "orders of magnitude" in evidence there. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email:[EMAIL PROTECTED]: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
