I think that the question here is going to be how much we are going to
require nowsp verifiers to know about MIME.
If we need to break a few signatures here for edge cases like MIME
headers that overflow that would be OK with me.
We should get it right though.
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Thomas
Sent: Wednesday, July 20, 2005 2:56 PM
To: Douglas Otis
Cc: Michael Thomas; IETF MASS WG
Subject: Re: nowsp considered harmful
On 2005-07-20 10:34:24 -0700, Douglas Otis wrote:
On Jul 20, 2005, at 8:37 AM, Michael Thomas wrote:
Thomas Roessler wrote:
Or one could insert an empty line in front of a
turning an HTML body part into a text/plain one. (Do that on a
large scale with a legitimate, DKIM-signed HTML message from some
large financial institution, and see how their helpdesk reacts to
Huh? This would break the signature. In any case, banks are poster
children for users who should use simple.
While I agree this technique would break the signature,
(I.e., we now have a Content-Type line in the body, and an
empty MIME header. That is, the MIME body part's type is, by default,
Thomas Roessler, W3C <tlr(_at_)w3(_dot_)org>