ietf-mailsig

Re: DKIM: Canonicalization

2005-07-18 13:44:38

On July 18, 2005 at 08:14, Dave Crocker wrote:

 I don't understand why preserving the "meaning" of the data is at all
 relevant.  The canonicalized form is, after all, a transient not intended
 to be used in place of the true or original form at all.

Making sure we are all very clear about the nature and purpose of 
canonicalization, as used by DKIM, is not a small point.  Should there be 
changes in the language of the draft to try to work harder at ensuring the 
reader understands this point?

Yes!  Since DKIM allows digital signing of message bodies,
there is an implicit indication that message content can be "protected"
via DKIM.

It seems some comments on this list indicate that such protection
is not to be as solid as S/MIME or OpenPGP, but a "fuzzy" form of
protection, that is not well-defined (a security red flag).

IMHO, I think this is a bad way to go.  If digital signatures of body
parts are to be supported, it should be done with the assumption
that such signatures will be used to verify the integrity of the
content in the way digital signatures are normally used.  If not,
people will probably use it that way anyway.

Unfortunately, the email world tolerates transmission variance,
something that digital signatures do not like.  Therefore, the
debate is what is an acceptable level of variance allowed that
gives us an acceptable level of security risk.

--ewh

