ietf-dkim

Re: [ietf-dkim] New canonicalizations

2011-05-16 08:13:17


On 5/16/2011 9:00 AM, John R. Levine wrote:
> The point of relaxed canonicalization was to deal with the kind of small
> changes that dusty copies of sendmail make, not to handle every possible
> message mutation that more or less renders the same.


The underlying concern here actually is pretty reasonable: Variations that do 
not affect the appearance or semantics of a message could reasonably still 
permit a signature to verify.

The problem is that the working group was not able to develop a... workable...
canonicalization algorithm to achieve this complete robustness.  In the extreme,
this is a research topic.  Certainly it is a delicate engineering task, since
too much robustness against change can easily introduce security holes.

But, then, that's why the working group debated the issue so extensively and the
result did gain working group consensus.

Since the list of algorithms is defined to be extensible, anyone feeling that an
additional algorithm is warranted is free to define it and seek community
consensus for it.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
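
Added example, not part of the original thread: a Python sketch of the "relaxed" header and body canonicalization rules from RFC 6376 sections 3.4.2 and 3.4.4, showing which changes the signed form absorbs and which it does not. The sample header fields and bodies are constructed for illustration.

```python
import base64
import hashlib
import re

def relaxed_header(field: bytes) -> bytes:
    """Relaxed header canonicalization (RFC 6376 3.4.2) for one CRLF-terminated field."""
    name, _, value = field.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)      # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)            # collapse runs of WSP to one SP
    value = value.strip(b" \t\r\n")                    # drop WSP around the value
    return name.strip(b" \t").lower() + b":" + value + b"\r\n"

def relaxed_body(body: bytes) -> bytes:
    """Relaxed body canonicalization (RFC 6376 3.4.4)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":                  # ignore empty lines at the end
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)      # empty body stays empty

def body_hash(body: bytes) -> str:
    """Value a signer would place in bh= when using sha256 and a relaxed body."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

# Constructed samples: the body as signed, and two copies as a verifier might see them.
SIGNED_BODY = b"Dear  Bob,\r\n\tsee attached.   \r\n\r\n\r\n"
RELAY_WHITESPACE = b"Dear Bob,\r\n see attached.\r\n"    # whitespace-only changes
REWRAPPED = b"Dear Bob, see attached.\r\n"               # lines joined, renders alike

# Constructed header fields: folding, spacing and name case differ in the second.
SIGNED_SUBJECT = b"Subject:  Quarterly\r\n report \r\n"
REFOLDED_SUBJECT = b"SUBJECT: Quarterly report\r\n"
RECASED_SUBJECT = b"Subject: quarterly report\r\n"       # value case changed

if __name__ == "__main__":
    print("whitespace-only body change verifies:",
          body_hash(SIGNED_BODY) == body_hash(RELAY_WHITESPACE))
    print("re-wrapped body verifies:",
          body_hash(SIGNED_BODY) == body_hash(REWRAPPED))
    print("refolded header verifies:",
          relaxed_header(SIGNED_SUBJECT) == relaxed_header(REFOLDED_SUBJECT))
    print("re-cased header value verifies:",
          relaxed_header(SIGNED_SUBJECT) == relaxed_header(RECASED_SUBJECT))
```

The re-wrapped body and the re-cased subject read the same to a person but canonicalize differently, which is the gap between relaxed canonicalization and "renders the same" that the thread discusses.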