ietf-mailsig

Re: nowsp considered harmful

2005-07-20 18:30:09


On Jul 20, 2005, at 1:50 PM, Michael Thomas wrote:

Douglas Otis wrote:

On Jul 20, 2005, at 11:55 AM, Thomas Roessler wrote:

On 2005-07-20 10:34:24 -0700, Douglas Otis wrote:

While I agree this technique would break the signature,

It wouldn't...

To quote the DKIM draft:

No, Thomas is correct; I read the original as being Content-Type in
the headers, not the mime part.

I also thought this was moving from the initial headers into the body. Sorry about that, but this only increases concerns with 'nowsp'. Are you interested in working on a cleanup of Earl's description of 'minwsp'? There does seem to be a bit of a conflict about making assumptions regarding what level of preprocessing is done prior to signing. Should this preprocessing be part of the signing process? Should the signing process attempt to handle messages that have not been processed and don't conform to a form that is unlikely to be modified?

In "5.2.1 Normalize the Message to Prevent Transport Conversions"

Currently there is a SHOULD convert to 7-bit from 8-bit, CR or LF to CRLF. Perhaps there should be some mention of ensuring line length conforms to RFC 2821 as well. If so, that could simplify some of what was in 'minwsp'.


Earl's text could be rewritten to say:
  For headers,
   1. Exclude WSP characters immediately preceding a CRLF sequence.
   2. Exclude a CRLF sequence followed by a WSP.
   3. Convert field names to lowercase.

 For the body,
   1. Exclude all SWSP at the beginning of the body.
   2. Exclude WSP characters immediately preceding a CRLF sequence.
   3. Convert any lone CR or LF to CRLF.  (assumes 5.2.1 was not done.)
   4. Exclude SWSP at the end of the body.

-Doug
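
The rewritten header and body rules above as a runnable sketch; this is an added example, not part of the original message or of the DKIM draft. It assumes SWSP means CR, LF, SP and HTAB, applies the rules in the order they are listed, and uses constructed sample messages and hypothetical function names.

```python
import re

WSP_BEFORE_CRLF = re.compile(rb"[ \t]+(?=\r\n)")
SWSP = b" \t\r\n"  # assumption: SWSP = CR / LF / SP / HTAB

def canon_headers(raw: bytes) -> bytes:
    out = WSP_BEFORE_CRLF.sub(b"", raw)        # header rule 1: WSP before CRLF
    out = re.sub(rb"\r\n(?=[ \t])", b"", out)  # header rule 2: unfold, keep the WSP
    lines = []
    for line in out.split(b"\r\n"):
        name, colon, value = line.partition(b":")
        # header rule 3: lowercase the field name only, never the value
        lines.append(name.lower() + colon + value if colon else line)
    return b"\r\n".join(lines)

def canon_body(raw: bytes) -> bytes:
    out = raw.lstrip(SWSP)                     # body rule 1: leading SWSP
    out = WSP_BEFORE_CRLF.sub(b"", out)        # body rule 2: WSP before CRLF
    # body rule 3: lone CR or LF becomes CRLF. Because this runs after
    # rule 2, WSP in front of a bare LF is NOT stripped in this ordering.
    out = re.sub(rb"\r(?!\n)|(?<!\r)\n", b"\r\n", out)
    return out.rstrip(SWSP)                    # body rule 4: trailing SWSP

def canon_message(headers: bytes, body: bytes):
    """Return the (headers, body) byte strings that would be fed to the hash."""
    return canon_headers(headers), canon_body(body)

# Constructed samples: the message as signed, the same message after a relay
# refolded a header, changed field-name case and added whitespace, and a copy
# whose body content was changed.
SIGNED = (b"Subject: status report for\r\n the week\r\n",
          b"Hello,\r\n\r\nplease review.\r\n")
RELAYED = (b"SUBJECT: status report\r\n for the week  \r\n",
           b"\r\nHello,  \r\n\r\nplease review.\r\n\r\n\r\n")
EDITED = (SIGNED[0], b"Hello,\r\n\r\nplease approve.\r\n")

if __name__ == "__main__":
    print(canon_message(*SIGNED) == canon_message(*RELAYED))  # whitespace-only changes
    print(canon_message(*SIGNED) == canon_message(*EDITED))   # content change
    print(canon_body(b"a \nb"))                               # bare-LF ordering case
```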
