-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/18/2011 10:22 AM, Marc Petit-Huguenin wrote: > Inline. > > On 01/18/2011 05:21 AM, Eric Rescorla wrote: > >> On Dec 6, 2010, at 2:12 PM, Marc Petit-Huguenin wrote: >>> bytes, or 2032 bits. >>> >>> A.14. Section 5.3.2 "uint32 length;" >>> >>> I can assume that this length covers the Header, MessageContents and >>> Signature, >>> but I would guess that this was useful when Message was sent without >>> FramingHeader over TCP (same than for the relo_token used to >>> disambiguate STUN >>> packets). Now that this is useless, can't this length been only >>> Header and >>> MessageContents, so it is possible to find the boundary between >>> MessageContents >>> and Signature without having to parse MessageContents at all? >>> > >> I think it's a mistake to assume we'll never want messages to be >> self-contained/unframed. >> Is there a real advantage to this breaking change? > > A little easier to parse the message, but you are right that a message can be > unframed.
The signature can be generated without parsing the message contents, as stated in section 5.3, but it cannot be verified without parsing them, as the length of "message_body" and "extensions" are needed to find the beginning of SignatureBlock. There is a similar issue in StoredData, where length is equally useless, as StoredDataValue had to be parsed to verify the signature (and this cannot be done without knowing the DataModel used). That's not really an issue because anyway MessageContents and StoredDataValue had to be parsed (with the knowledge of the DataModel) after the signature is verified, but that prevent a clear separation of layers in software. BTW I was not able to find text explaining what to do if the message level signature fails. Should the message be dropped (and so be retransmitted) or should an error be sent back? - -- Marc Petit-Huguenin Personal email: [email protected] Professional email: [email protected] Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1Ne54ACgkQ9RoMZyVa61d9bACgiBWcYYk3KapDfXgXgn6keBQ4 egoAnRKTn6tB8AtmszhSZr1FVGUOBxDS =0zx7 -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
