On 05/06/2010 09:32 AM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: [email protected] [mailto:ietf-dkim-
>> [email protected]] On Behalf Of Michael Ströder
>> Sent: Thursday, May 06, 2010 4:51 AM
>> To: [email protected]
>> Subject: [ietf-dkim] Clarification needed for "Computing the Message
>> Hashes"
>>
>> HI!
>>
>> I wondered about a sentence in section 3.7. of RFC 4871:
>>
>>    [..] The header field MUST be presented to
>>    the hash algorithm after the body of the message rather than with
>>    the
>>    rest of the header fields and [..]
>>
>> http://www.dkim.org/specs/rfc4871-dkimbase.html#hashing
>>
>> What does "the body of the message" mean exactly? The 1. body-hash or
>> really
>> 2. the whole message body (again)?
>>
>> The more formal description implies 1.:
>>
>>    body-hash = hash-alg(canon_body)
>>    header-hash = hash-alg(canon_header || DKIM-SIG)
>>    signature = sig-alg(header-hash, key)
>
> You're computing two hashes. The first is a hash over the signed header
> fields (which gets stored in the "bh="), and the second is over the body
> followed by the (incomplete) DKIM-Signature header field.

Did you write that correctly, Murray? The *body* hash gets stored into bh.
I think you mean
I'm trying to make sense of what you wrote, and I'm sort of not getting
it altogether. But I think he's right: it's meaning number 1. bh= gets
body-hash, header-hash is the h= values, and DKIM-SIG is the to-be created
signature header, minus the value part of b=.

Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
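
The two-hash computation under the reading labelled 1 in the thread, as an added example that is not part of the original messages or of RFC 4871. It assumes simple/simple canonicalization and SHA-256; the header values, domain and selector are constructed, the function names are hypothetical, and the final sig-alg (RSA) step is left out.

```python
import base64
import hashlib

CRLF = b"\r\n"

def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines and end
    with exactly one CRLF (an empty body becomes a lone CRLF)."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    return body if body.endswith(CRLF) else body + CRLF

def body_hash(body: bytes) -> str:
    """body-hash = hash-alg(canon_body), base64-encoded for the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon_body_simple(body)).digest()).decode()

def header_hash(headers, signed, dkim_sig_value: str) -> bytes:
    """header-hash = hash-alg(canon_header || DKIM-SIG). The signed fields go
    in h= order; the DKIM-Signature field goes last, b= empty, no final CRLF."""
    h = hashlib.sha256()
    pool = list(headers)
    for name in signed:
        # Take the last unused instance of each field named in h=.
        for i in range(len(pool) - 1, -1, -1):
            if pool[i][0].lower() == name.lower():
                field, value = pool.pop(i)
                h.update(f"{field}:{value}".encode() + CRLF)
                break
    h.update(f"DKIM-Signature:{dkim_sig_value}".encode())
    return h.digest()

def dkim_hashes(headers, body: bytes, signed=("From", "Subject")):
    """Return (bh, header-hash). The body reaches the second hash only as bh=."""
    bh = body_hash(body)
    # Constructed tag values; d= and s= are placeholders.
    sig = (" v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1;"
           f" h={':'.join(signed)}; bh={bh}; b=")
    return bh, header_hash(headers, signed, sig)

# Constructed sample message (not from the thread).
HEADERS = [("From", " alice@example.com"), ("Subject", " hash test")]
BODY = b"Hello\r\n\r\n\r\n"

if __name__ == "__main__":
    bh, hh = dkim_hashes(HEADERS, BODY)
    print("bh =", bh)
    print("header-hash (input to sig-alg) =", hh.hex())
```

Because the body enters the header hash only through the bh= value, a verifier that recomputes bh from the received body and compares it before checking the signature detects body tampering without hashing the body twice.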
