On Mon, 18 Jul 2005, Douglas Otis wrote:
> It seems DKIM could do better, as 'nowsp' will likely invite abuse and
> fuel an artwork replay problem, or a ploy to make the sender appear to
> be a victim of such abuse. This makes dealing with replay issues a
> more difficult problem, as with such freedom, it would be difficult to
> tell who did what. At some point, once 'nowsp' abuse becomes prevalent,
> this mode would need to be abandoned. More should be available than
> just the 'simple' mode. I hope this wg can define something between
> these two modes.

Let me add that I also completely agree with the above. That is why the
Content-Digest draft, unlike DKIM, has 3 types of canonicalization
methods - 'bare', 'simple' and 'nofws' for header and 'bare', 'text',
'nofws' for body.
I'd like to see common methods defined for use for Content-Digest
and for a future iteration of DKIM and possibly other signature systems,
as that would make it easier for developers and allow common libraries
to be created. It might also be a good idea to have the canonicalization
algorithm separated and written down in a separate draft.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
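
The concern quoted above, as an added example that is not part of the original message or of the DKIM or Content-Digest drafts: a whitespace-stripping body canonicalization lets a re-laid-out body keep the same digest, while a 'simple'-style mode does not. Both functions are simplified models assumed for illustration (not the drafts' exact definitions), SHA-256 stands in for the signature's hash, and the sample bodies are constructed.

```python
import hashlib
import re


def canon_simple(body: bytes) -> bytes:
    """Assumed 'simple'-style body mode: bytes kept as-is, trailing empty lines dropped."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"


def canon_nowsp(body: bytes) -> bytes:
    """Assumed 'nowsp'-style body mode: every space, tab, CR and LF is deleted."""
    return re.sub(rb"[ \t\r\n]+", b"", body)


def body_digest(body: bytes, canon) -> str:
    """Digest of the canonicalized body (the value a signature would cover)."""
    return hashlib.sha256(canon(body)).hexdigest()


def survives_relayout(original: bytes, altered: bytes, canon) -> bool:
    """True if a signature made over `original` would still match `altered`."""
    return body_digest(original, canon) == body_digest(altered, canon)


# Constructed sample bodies.
SIGNED = b"Quarterly report\r\nis attached.\r\n"
# Same non-whitespace characters, different spacing and line layout.
RELAID = b"Q u a r t e r l y\r\n\r\n   report is\r\n\tattached.\r\n\r\n"
# One non-whitespace character changed.
EDITED = b"Quarterly report\r\nis attached!\r\n"

if __name__ == "__main__":
    for name, canon in (("simple", canon_simple), ("nowsp", canon_nowsp)):
        print(f"{name:6s} re-laid-out body still verifies: "
              f"{survives_relayout(SIGNED, RELAID, canon)}")
        print(f"{name:6s} edited body still verifies:      "
              f"{survives_relayout(SIGNED, EDITED, canon)}")
```

A verifier that wants to notice this can compute both digests and flag messages that match only under the whitespace-stripping mode.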