On Thu, Mar 30, 2006 at 05:26:56PM -0800, Paul Hoffman allegedly wrote:
Interesting issues; see below.
At 4:54 PM -0800 3/30/06, Jim Fenton wrote:
The hash is computed using the hash algorithm
that is used in the signing algorithm (taken from the "a=" tag),
using "simple" header canonicalization on the DKIM-Signature header.
I believe that some signer and verifier APIs have trouble handling
"simple" canonicalization because they don't present the whole header
field. It may be problematic to mandate "simple" here; why not use the
same header canonicalization specified for the signature?
I'm open to that change; I thought "simple" was the easiest, but
maybe not. How do others feel about this?
I agree that 'simple' is the easiest - in the original DomainKeys
drafts there was a sample perl implementation that took 4 or 5 lines
of code. Unfortunately because sendmail milter has a bug (that SMI
have promised to fix) some of those who are bound by milter
implementations want to bias the specification to match up with the
limitation of milter.
I expect that most of us have moved well beyond that sort of
mono-culture mentality, and I know the SMI folk are *not* the ones
pushing for this constraint, but nonetheless, it seems to live on in
NOTE WELL: This list operates according to