ietf-mailsig
[Top] [All Lists]

Re: DKIM: c=simple is aspirational

2005-07-16 23:58:28

--- Michael Thomas <mike(_at_)mtcc(_dot_)com> wrote:

you're missing one use case of simple which doesn't have an
dependencies on aspirations: the case were a signer would rather
the signature break -- with even the possibility of discard.
For example, statements(_at_)bigbank(_dot_)com probably does not want anything
monkeyed with their statement, and is willing to tolerate the
risk of manglers.

Ahh yes. Good point. I keep forgetting that. The other point is that *any*
canonicalization that allows
removal or replacement has *some* risk of abuse. If it turns out that a
deployed "nowsp" is vulnerable, we have a choice of a fork-lift upgrade to
introduce a safer canonicalization - if that is the only canonicalization
available, or a config upgrade to switch to "simple" if we deploy with multiple
canonicalizations.

Mark.


<Prev in Thread] Current Thread [Next in Thread>