ietf-mailsig

Re: Ramblings on RFC2822 signatures.

2004-09-20 02:25:55

On Sun, 2004-09-19 at 22:56 -0700, Jim Fenton wrote:
Here are the two cases that I think motivate the option [ of including
a signature for the strict non-canonicalised message ] here:

1. "Typical" sender who sometimes sends messages through a mailing list
2. Paranoid (?) sender who does not expect to be sending through a mailing 
list. 

Does this seem extremely important?

Not really. Canonicalisation, by definition, wouldn't harm the meaning
of the mail. There's no real reason for the bank to _insist_ that the
mail arrive in ISO8859-15 encoding as they sent it instead of UTF-8, for
example. I cannot imagine a situation in which you'd really want to
include a signature on the non-canonicalised mail.

If you were thinking of permissiveness -- actually allowing text to be
added to the mail in transit -- that's different. We'd already _include_
the signature on the original mail, and the information which allows
permissiveness is my suggested rolling checksum and linecount to help
the recipient locate the original text within the mail on final
delivery. If the bank _really_ wants to avoid any mangling of its
outgoing mail, by mailing lists or otherwise, it could omit that extra
information and include _only_ a signature on the original body. But I
don't actually think such a requirement is _important_, no. This isn't a
scheme to help prevent people from sending mail where they didn't intend
to.

-- 
dwmw2
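
The locate-then-verify idea from the message above, as an added example that is not part of the original post or of any proposed specification: the line count and checksum only help the recipient find the original text inside a mail that gained lines in transit, and the signature alone authenticates it. Adler-32 as the checksum, HMAC-SHA256 standing in for the sender's signature, the whitespace canonicalisation rule, and all names and sample text are assumptions.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # assumption: stand-in for the sender's signing key


def canon(line: str) -> bytes:
    # Assumed canonicalisation: drop trailing whitespace, normalise to CRLF.
    return line.rstrip().encode("utf-8") + b"\r\n"


def sign(body_lines):
    """Sender: line count and checksum hint, plus a signature on the original body."""
    data = b"".join(canon(l) for l in body_lines)
    return {
        "lines": len(body_lines),
        "hint": zlib.adler32(data),
        "sig": hmac.new(KEY, data, hashlib.sha256).hexdigest(),
    }


def locate_and_verify(received_lines, meta):
    """Recipient: return the start index of the verified original body, or None."""
    n = meta["lines"]
    lines = [canon(l) for l in received_lines]
    for start in range(len(lines) - n + 1):
        window = b"".join(lines[start:start + n])
        # Adler-32 is recomputed per window here; it can also be updated
        # incrementally as the window slides. It is only a cheap filter.
        if zlib.adler32(window) != meta["hint"]:
            continue
        sig = hmac.new(KEY, window, hashlib.sha256).hexdigest()
        if hmac.compare_digest(sig, meta["sig"]):
            return start  # the signature, not the checksum, is the proof
    return None


# Constructed sample: a list server added one line before and two after the body.
ORIGINAL = ["Dear customer,", "Your statement is ready.", "Regards, the bank"]
RECEIVED = ["[list banner added in transit]"] + ORIGINAL + ["-- ", "list footer"]

if __name__ == "__main__":
    print(locate_and_verify(RECEIVED, sign(ORIGINAL)))
```

A sender who wants no tolerance for added text would omit `lines` and `hint` and publish only `sig`, which is the strict option the message describes.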

