The underlying concern here actually is pretty reasonable: Variations that do
not affect the appearance or semantics of a message could reasonably still
permit a signature to verify.
Oh, sure, but we also traded off the cost of handling changes and how
common they are. For example, old copies of sendmail often add an extra
blank line at the bottom of a message. That's common (or at least, was
common), and easy to deal with, and is the kind of thing that relaxed
handles. The variety of MIME rewrites is so vast that I don't see any
hope of handling a usefully large set of them, so I'm not inclined to try.
If you really really really want your signature to verify, after signing
the message, turn it info a base64 encoded message/rfc822 mime part, wrap
another message around it, and unwrap it before verifying. That works
with S/MIME, too.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html