ietf-dkim

Re: [ietf-dkim] New canonicalizations

2011-05-16 08:46:56
In retrospect, it probably would have been better only to provide
simple and tell people more firmly to do the signing after and the
checking before any local modification.

That implies hop to hop rather than end to end.  What would the
advantage over SPF be then?

The fact that most hops don't break even simple signatures.  We went 
through all this in 2006 (RFC 4686) and I don't see any reason to revisit 
it now.

Perhaps Murray has data that says whether relaxed verifies much more
often than simple does.

Yes, http://www.opendkim.org/stats/report.html#hdr_canon says

Header canonicalization use:
canonicalization    count      domains    passed
simple              653688     6786       591938
relaxed             3940377    56621      3640854

Although they only differ by 2% (90% simple vs 92% relaxed), such
percentages would be superb for tools like Spamassassin.  I'd expect
at least 99% from a cryptographic tool.

This tells me that the benefit from relaxed is at most pretty small.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
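
Added example, not part of the original message or of any DKIM implementation: a Python sketch of the simple and relaxed header canonicalizations as defined in RFC 6376 section 3.4, run over a constructed Subject field to show which in-transit changes each one tolerates. It hashes a single header field instead of building a full DKIM signature, and the sample headers and function names are assumptions made for illustration.

```python
import hashlib
import re

def canon_simple(field: str) -> str:
    """RFC 6376 section 3.4.1: the header field is used unchanged."""
    return field

def canon_relaxed(field: str) -> str:
    """RFC 6376 section 3.4.2: normalise case, folding and whitespace."""
    name, value = field.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)        # WSP runs become one SP
    value = value.rstrip("\r\n").strip(" ")      # no WSP after colon or at end
    return name.rstrip(" \t").lower() + ":" + value + "\r\n"

def digest(field: str, canon) -> str:
    return hashlib.sha256(canon(field).encode("ascii")).hexdigest()

def survives(signed: str, received: str, canon) -> bool:
    """True if the field still hashes to what the signer hashed."""
    return digest(signed, canon) == digest(received, canon)

# Constructed sample: the field as signed, then as it might arrive after a relay.
SIGNED = "Subject: New canonicalizations\r\n"
RECEIVED = {
    "untouched":        "Subject: New canonicalizations\r\n",
    "name case":        "SUBJECT: New canonicalizations\r\n",
    "refolded":         "Subject: New\r\n canonicalizations\r\n",
    "extra whitespace": "Subject:  New  canonicalizations \r\n",
    "list tag added":   "Subject: [ietf-dkim] New canonicalizations\r\n",
}

def compare() -> dict:
    """Map each modification to (simple verifies, relaxed verifies)."""
    return {label: (survives(SIGNED, hdr, canon_simple),
                    survives(SIGNED, hdr, canon_relaxed))
            for label, hdr in RECEIVED.items()}

if __name__ == "__main__":
    for label, (simple_ok, relaxed_ok) in compare().items():
        print(f"{label:17} simple={simple_ok!s:5} relaxed={relaxed_ok}")
```

Relaxed absorbs only cosmetic rewrites (case, folding, whitespace); a content change such as a list tag in the Subject fails under both.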