...... Original Message .......
Presuming you're referring to features like canonicalization, body
length count, and header copying,
yes.
However canonicalization is merely related to minor syntax changes. The
other two are trying to protect against some types of semantic changes (but
not others.)
in IIM there is no ambiguity as to
what the sender chose. It is all
the ambiguity is at the system and architecture level not with the iim
spec.
The heuristcs inviolve the utility of the mechanisms.
Iim is 'guessing' that it will cover a useful set of semantic changes to
the message. That is the techniques are thenselves heuristics.
I'm receiving a certain amount of DK-signed mail now. Virtually none of
it verifies successfully because it has passed through a mailing list
that did something (usually minor) to the message.
the requirement is to get mailing lists to do the signing, not to create
long term standards hacks trying to get around situations in which an
entity posts a new message that looks a lot like an old message that
happened to be signed.
By the way, the semantics of this distinction is much clearer if the
signing is done by the 822.sender and not the 822.from.
Requiring mailing lists, in all cases, to sign their messages
greatly slows the usefulness of any signature mechanism.
My own experience is that adoption is speeded by simplicity and directness
of a specification and its use.
from a systems and architecture standpoint this is neither.
Describing it as an "arms race" implies that the operators of mailing
lists are actively working to defeat signature-based mechanisms, which
is not the case. We aren't trying to track intermediary behavior going
forward, just to accommodate widespread legacy behavior.
It is an arms race because it involves partial effort to defeat processes
that are hostile to the message. As the inadequacies of the partial
mechanism get reactions from users there will be increasing pressure to add
more hacks.
Let me be very clear. The problem is not with mailing list developers or
operators.
The problem is with our own view that they are not full fledged originators
of mail.
_
Dave Crocker
Brandenburg InternetWorking
brandenburg.com