ietf-mailsig
[Top] [All Lists]

RE: Rambings on RFC2822 signatures.

2004-09-19 01:43:58

On Sun, 2004-09-19 at 11:24 +0300, Andriy G. Tereshchenko wrote:
Let's separate canonicalisation and permissiveness. 

Strongly agree !!

Canonicalisation means stuff like undoing base64 encoding, con
v              ert
i              ng ch
a             rsets to UTF-8, foldin
g             whitespace in _heade
r              s_ 
a             nd maybe most of text/html (outside <PRE>, etc) but not in 
text/plain.

Cute. :)

Even in HTML, that change wouldn't be hidden due to canonicalisation. In
HTML a space may sometimes be considered equivalent to multiple spaces,
but it's not considered equivalent to _zero_ spaces. So the addition of
spaces _within_ words like that would break the signature under any sane
canonicalisation scheme.

Obviously in text/plain no mangling of whitespace should be accepted
under the banner of 'canonicalisation'. With the possible limited
exception of 'format=flowed'.

Whether we want to allow such things under any _permissiveness_ scheme
is a different matter. I'd say 'no' -- the only thing we really need to
deal with is charset/encoding conversions and the common case of a few
lines being added at start or end of the mail -- and maybe MIME parts
being removed from the mail.

-- 
dwmw2


<Prev in Thread] Current Thread [Next in Thread>