In retrospect, it probably would have been better only to provide
simple and tell people more firmly to do the signing after and the
checking before any local modification.
That implies hop to hop rather than end to end. What would the
advantage over SPF be then?
The fact that most hops don't break even simple signatures. We went
through all this in 2006 (RFC 4686) and I don't see any reason to revisit
it now.
Perhaps Murray has data that says whether relaxed verifies much more
often than simple does.
Yes, http://www.opendkim.org/stats/report.html#hdr_canon says
Header canonicalization use:

canonicalization    count      domains    passed
simple              653688     6786       591938
relaxed             3940377    56621      3640854
Although they only differ by 2% (90% simple vs 92% relaxed), such
percentages would be superb for tools like SpamAssassin. I'd expect
at least 99% from a cryptographic tool.
This tells me that the benefit from relaxed is at most pretty small.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
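
An added illustration, not part of the thread: the RFC 6376 "simple" and "relaxed" header canonicalizations applied to constructed header fields, showing which in-transit changes each one tolerates. The SHA-256 digest is a stand-in for the signed header hash (real DKIM also covers the DKIM-Signature field and the body hash), and all names and sample headers are assumptions made for the example.

```python
import hashlib
import re

def canon_simple(field: bytes) -> bytes:
    """RFC 6376 section 3.4.1: the header field is hashed exactly as received."""
    return field

def canon_relaxed(field: bytes) -> bytes:
    """RFC 6376 section 3.4.2, applied to one CRLF-terminated header field."""
    name, _, value = field.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)   # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)         # collapse WSP runs to one SP
    value = value.rstrip(b"\r\n").strip(b" ")       # drop WSP around the value
    return name.strip(b" \t").lower() + b":" + value + b"\r\n"

def header_digest(fields, canon) -> str:
    """Digest over the canonicalized fields (stand-in for the signed hash)."""
    return hashlib.sha256(b"".join(canon(f) for f in fields)).hexdigest()

def survives(signed, received, canon) -> bool:
    """True if the received headers still hash to what the signer hashed."""
    return header_digest(signed, canon) == header_digest(received, canon)

# Constructed sample: headers as the signer saw them.
SIGNED = [
    b"Subject: Quarterly  report\r\n",
    b"From: Alice <alice@example.com>\r\n",
]
# Constructed sample: a hop changed name case, whitespace and folding only.
REFOLDED = [
    b"SUBJECT: Quarterly report\r\n",
    b"From: Alice\r\n <alice@example.com>\r\n",
]
# Constructed sample: a hop changed content (subject tag added).
TAGGED = [
    b"Subject: [list] Quarterly  report\r\n",
    b"From: Alice <alice@example.com>\r\n",
]

if __name__ == "__main__":
    for label, received in (("refolded", REFOLDED), ("tagged", TAGGED)):
        for canon in (canon_simple, canon_relaxed):
            print(label, canon.__name__, survives(SIGNED, received, canon))
```

Relaxed only absorbs whitespace, folding and field-name case changes; a content modification such as the subject tag fails under both algorithms.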