At 02:20 AM 9/18/2004 -0700, Dave Crocker wrote:
On Fri, 17 Sep 2004 23:14:31 -0700, Jim Fenton wrote:
tag on the IIM-Sig header on this message for a sample). Should we have a
signature for the strict (non-canonicalized) form of the message as well, to
give that option to the recipient as well?
unfortunately, options are not free. they carry all sorts of system-level
costs
for adoption and use.
mostly, options should be provided because it is clear they do something
extremely important, rather than merely because they are nice.
Agreed, they're not free. Here are the two cases that I think motivate the
option here:
1. "Typical" sender who sometimes sends messages through a mailing list (like
this one, that adds an extra CRLF at the beginning of the body, or the ASRG
list, which adds a trailer). This sender probably wants to have the signatures
survive these modifications, and wants a canonicalization that does that.
Lists will probably start signing messages at some point, but we can't expect
that to happen instantly.
2. Paranoid (?) sender who does not expect to be sending through a mailing
list. Perhaps a bank communicating with individual customers. Such a sender
may not want to allow spacing to be adjusted nor appending to be allowed. They
would use a strict (null) canonicalization.
Does this seem extremely important?
-Jim