Tony Hansen wrote:
Paul Hoffman wrote:
Fully agree, but that doesn't lead to the conclusion that the verifier
*cannot* use heuristics (one of which might be the value of x=) to try
to get the signature to validate.
So, let's have that examination now.
I know that Michael Thomas was doing some work along these lines, to see
how resilient you could be to changes incurred through a mailing list.
Yep, and in fact I only compute exactly one message hash that I do the
RSA verify with, not multiple. Which isn't to say that other heuristics
might
require more than one.
I have to say that I'm a little confused by this thread. Nobody's suggesting
that we change the spec to include any of this are they?
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html