Nathaniel Borenstein wrote:
A side note: I absolutely can't bring myself to care if DKIM is
vulnerable to "vandalism" in the form of corrupting sabotage of real
messages, because there's no money in it for the vandal. Nearly every
protocol on the Internet is subject to horrific vandalism in the form
of DOS attacks. Why worry more about it here? -- Nathaniel
I have been in somewhat the same camp, but I think the argument here is
that it's much easier to judge whether a given canonicalization or
feature permits a semantic change in the message contents than it is to
judge what can be exploited to make money for vandals. It's a higher
but better defined bar.
-Jim