ietf-mailsig
[Top] [All Lists]

Re: nowsp considered harmful

2005-07-20 11:55:43

On 2005-07-20 10:34:24 -0700, Douglas Otis wrote:

On Jul 20, 2005, at 8:37 AM, Michael Thomas wrote:
Thomas Roessler wrote:

Or one could insert an empty line in front of a content-type header,
turning an HTML body part into a text/plain one.  (Do that on a
large scale with a legitimate, DKIM-signed HTML message from some
large financial institution, and see how their helpdesk reacts to
it.)


Huh? This would break the signature. In any case, banks are
poster children for users who should use simple.

While I agree this technique would break the signature,

It wouldn't...

        --foobar
        Content-Type: text/html
        
        <html>...

Turns into:

        --foobar

        Content-Type: text/html
        <html>...

(I.e., we now have a Content-Type line in the body, and an empty
MIME header.  That is, the MIME body part's type is, by default,
text/plain.)

Regards,
-- 
Thomas Roessler, W3C   <tlr(_at_)w3(_dot_)org>


<Prev in Thread] Current Thread [Next in Thread>