I've been told that when faced with headers that have extra WSP (more
than one space or tab) between the : and the value, milter-based
implementations have a problem properly signing or verifying messages
with the simple header algorithm. The milter code itself strips out the
extra WSP *before* the signing/verifying code sees the header name and
value. At least one milter-based implementation handles this by making
the assumption that the headers always have a single space after the :.
Consequently, these implementations will fail when faced with such messages.

For those who know milter well, is my summary here correct?

Since milter-based solutions will probably be fairly commonly used, I
think we have a serious problem.

Some possible solutions include: writing off milter (nah, just kidding),
ignoring the problem (not a good idea), and possibly changing the
definition of simple (gulp).

If we were to change the definition of simple, the simplest change would
be to do as the milter-based code mentioned above does and just always
use a single space after the :.

I also have no idea how milter handles 822 headers with WSP *before* the
:. This may be a separate issue that we need to address as well.

Tony Hansen
tony(_at_)att(_dot_)com
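
Added example, not part of the original post and not code from any milter or DKIM implementation: it models the handoff described above and shows which headers no longer match under simple, and that the "always one space after the :" variant floated in the post makes both sides agree. The function names, the sample headers, the stripping model in milter_view() and the SHA-256 stand-in for the header hash are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample headers as they appear on the wire (not from a real message).
WIRE_HEADERS = [
    b"From: alice@example.com\r\n",        # exactly one space after the colon
    b"Subject:   quarterly report\r\n",    # three spaces after the colon
    b"X-Tag:\t\tbuild-7\r\n",              # two tabs after the colon
]

def milter_view(raw):
    """Assumed model of the handoff in the post: the filter is given
    (name, value) with the WSP after the colon already stripped."""
    name, _, rest = raw.partition(b":")
    return name, rest.rstrip(b"\r\n").lstrip(b" \t")

def rebuild_single_space(name, value):
    """The workaround in the post: assume one space followed the colon."""
    return name + b": " + value + b"\r\n"

def simple(raw):
    """'simple' header canonicalization: the header bytes are used unchanged."""
    return raw

def single_space_simple(raw):
    """The change floated in the post: always one space after the colon."""
    return re.sub(rb"^([^:]*):[ \t]*", rb"\1: ", raw, count=1)

def digest(headers, canon):
    """Stand-in for the header hash input (not a full DKIM signature)."""
    h = hashlib.sha256()
    for raw in headers:
        h.update(canon(raw))
    return h.hexdigest()

def headers_broken_under_simple(headers):
    """Names of headers whose rebuilt bytes differ from the wire bytes."""
    return [raw.partition(b":")[0].decode()
            for raw in headers
            if rebuild_single_space(*milter_view(raw)) != simple(raw)]

if __name__ == "__main__":
    rebuilt = [rebuild_single_space(*milter_view(r)) for r in WIRE_HEADERS]
    print("broken under simple:", headers_broken_under_simple(WIRE_HEADERS))
    print("simple digests match:",
          digest(WIRE_HEADERS, simple) == digest(rebuilt, simple))
    print("single-space digests match:",
          digest(WIRE_HEADERS, single_space_simple)
          == digest(rebuilt, single_space_simple))
```

The same check run over real traffic tells an operator how many messages would fail simple verification behind such a filter; WSP before the colon is not modelled here.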