On July 20, 2005 at 10:05, Thomas Roessler wrote:
nowsp, when combined with the length parameter, can enable attackers
to completely replace the e-mail content displayed by mail user
agents, without invalidating the DKIM signature.
General question: Can someone provide real use cases that utilize
the nowsp algorithm in an effective manner?
The only example I remember being mentioned is the case of super-long
lines that are clear violation of RFC-2822. Nowsp seems to try
to deal with cases that DKIM should not even bother with.
Thanks,
--ewh