From: Matt K. <mke...@ev...> - 2004-10-25 17:22:40
At 12:39 PM 10/25/2004, Luis Alberto Pabón Flores wrote:
> >> In the event of an e4 parameter change the server MUST have the body of
> >> the message for a revoke. End of story.
> > i agree, otherwise it isn't possible to recompute fingerprints.
>
>Dumb question: why cannot this be done on the client's machine? I
>suppose that there's a contundent reason for not to do that...

First, none of this matters, it can be solved with the overlap, which bypasses the need for recomputation.

So, bearing in mind recomputation can be avoided, for academic purposes only, it's highly impractical to handle recomputation on the client end.

Do you understand how e4 works?

e4 calculates the SHA1 hash of a range of characters in the email. It's got a starting-byte index and an ending-byte index as parameters. When these parameters change, the hash becomes different. If you want to carry forward old reports to the new hash-range, you have to recompute the hash from scratch.

To handle the work of recomputation on the client side would involve one of two options:

1) precompute all possible hashes at the time of submission. Not practical because there's millions of sensible e4 combinations, and it would take hours to compute them all, and you'd end up with at least a 24mb submission. ((20 bytes hash + 4 bytes parameters) * 1 million combinations)

2) force the clients to maintain an archive of submitted messages. Force them to immediately respond to a server-initiated request for recompute of all the archived messages (cannot wait till later, thus you would have to allow the razor server to initiate a connection to your system for this.) Not practical for client-side security reasons. Do you want a hole in your firewall? Do you want your client burning CPU at the beck and call of a razor server? Not practical for client-side storage reasons: Do you want to offer mid-term storage service for emails to the razor client? Say all revokes for the past month?
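The following is an added illustration, not part of the original message and not Razor's own code: a simplified model of the range hash described above, showing why reports can only be carried across a parameter change when the message body is still available. `ReportStore`, its methods, the parameter values and the sample message are hypothetical.

```python
import hashlib

def e4_hash(body: bytes, start: int, end: int) -> str:
    """SHA1 over the byte range [start, end) of the message, as the post describes e4."""
    return hashlib.sha1(body[start:end]).hexdigest()

class ReportStore:
    """Hypothetical server-side store of spam reports, keyed by the current range hash."""

    def __init__(self, start: int, end: int, keep_bodies: bool):
        self.params = (start, end)
        self.keep_bodies = keep_bodies
        self.reports = {}  # hash -> retained body, or None when only the hash was kept

    def report(self, body: bytes) -> None:
        digest = e4_hash(body, *self.params)
        self.reports[digest] = body if self.keep_bodies else None

    def change_params(self, start: int, end: int) -> int:
        """Recompute every report under the new range; return how many were lost."""
        carried, lost = {}, 0
        for body in self.reports.values():
            if body is None:
                lost += 1  # a SHA1 digest cannot be converted to another byte range
            else:
                carried[e4_hash(body, start, end)] = body
        self.params, self.reports = (start, end), carried
        return lost

    def revoke(self, body: bytes) -> bool:
        """Remove the report matching this body under the current parameters."""
        digest = e4_hash(body, *self.params)
        if digest in self.reports:
            del self.reports[digest]
            return True
        return False

# Constructed sample message, long enough for both byte ranges used below.
SAMPLE = b"Subject: constructed sample\r\n\r\n" + b"Buy now, limited offer. " * 8

def demo() -> dict:
    """Report, change parameters, then revoke; once with bodies kept, once without."""
    results = {}
    for keep in (True, False):
        store = ReportStore(0, 32, keep_bodies=keep)
        store.report(SAMPLE)
        lost = store.change_params(16, 64)
        results[keep] = (lost, store.revoke(SAMPLE))
    return results

if __name__ == "__main__":
    print(demo())
```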