Dave Crocker wrote:
...... Original Message .......
Presuming you're referring to features like canonicalization, body
length count, and header copying,
yes.
However canonicalization is merely related to minor syntax changes. The
other two are trying to protect against some types of semantic changes (but
not others.)
Header copying also removes potential ambiguity about which are the
signed headers, when one of the headers to be signed can occur more than
once. Depending on header ordering for this is unreliable.
in IIM there is no ambiguity as to
what the sender chose. It is all
the ambiguity is at the system and architecture level not with the iim
spec.
The heuristcs inviolve the utility of the mechanisms.
Iim is 'guessing' that it will cover a useful set of semantic changes to
the message. That is the techniques are thenselves heuristics.
IIM is providing a couple of tools that the signer can employ to specify
what sort of changes they might allow. It is doing no 'guessing'.
OTOH, the specifiers of IIM (me, anyway) may have been 'guessing' what
is useful. :-)
By the way, the semantics of this distinction is much clearer if the
signing is done by the 822.sender and not the 822.from.
How about that idea about making the signature independent of the
headers? Then the signer is the signer, period. This seems like a good
simplification.
I think we're just going to have to agree to disagree on the other
issues regarding whether helping signatures to survive mailing lists is
a good or bad idea, and seek wider consensus.
-Jim