ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Goldilocks Canonicalization

2005-07-18 17:13:28
from [Michael Thomas] [Permanent Link] 

Douglas Otis wrote:
It seems DKIM could do better, as 'nowsp' will likely invite abuse 
  [...]

My claim is that the Goldilocks Canonicalization doesn't exist. The
real email world is far too messy for there to be a Goldilocks canonicalization, so we're as engineers going to have to make a 
compromise. Nowsp comes relatively close: it's cheap, it's simple
to implement, it does a reasonable job about getting past manglers,
and it's abuse vector is not all that serious. And if it becomes
serious, senders always have the recourse to modify the body to
qp or b64 or use the the simple canonicalization instead. Other
suggestions have from what I've seen been wanting to slide right
down the complexity slippery slope for which I have a great deal
of problem -- we already have ability *before* you send the message
to DKIM to be signed.

I will repeat: canonicalization is an extremely bug intensive area
for interoperability and complexity is the enemy. Let's keep some
perspective here.

                Mike
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DKIM - Header Fields, Arvel Hathcock
Next by Date:  Re: DKIM - Header Fields, Ned Freed
Previous by Thread:  Re: DKIM: Canonicalization, Douglas Otis
Next by Thread:  Re: Goldilocks Canonicalization, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]