On Oct 31, 2009, at 10:45 AM, hector wrote: > Working on a DKIM stats log analyzer, I found some facebookmail.com > notification messages with two duplicate DKIM signatures. > > DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b; > c=relaxed/relaxed; > q=dns/txt; [email protected]; t=1256981485; > h=From:Subject:Date:To:MIME-Version:Content-Type; > bh=uFmzuYhiBd82ctm8i9mPRevatL4=; > b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj > Zut8syylO1s4qASiqCWBaQ==; > DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b; > c=relaxed/relaxed; > q=dns/txt; [email protected]; t=1256981485; > h=From:Subject:Date:To:MIME-Version:Content-Type; > bh=uFmzuYhiBd82ctm8i9mPRevatL4=; > b=m4nhlG7A0JxZnEWa6DQza0oMghkv6CI+vNM41hY7tipGHfvj6EXCpXaFFGuV/xgj > Zut8syylO1s4qASiqCWBaQ==; > > I don't see a difference. > > I'm sure this is probably minor, but with "tons" of fb notifications > coming into users machines, short circuiting redundant hash > verification probably has some merit. > > How should it be handled? Should logic be added to see if the bh= or > b= base64 hash was already processed?
I'd expect that shortcircuiting the bh= calculation would save a lot of work in the more typical case that the two signatures are by different signers, so is worth doing. Cheers, Steve _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
