On Wed, Apr 8, 2015 at 11:06 AM, John R Levine <jo...@taugh.com> wrote:
> Well, that's the problem. The current spec has a well defined rule that a > verifier uses on the headers and body and the key from the DNS. Either the > signature's valid or it isn't. The recipient can certainly decide to do > whatever it wants with that bit, but it's one well defined bit. > > Unless I'm misreading these drafts, the signature now says "I took the > message, and then I deleted this part, and then I added that part" or the > like. While it's likely possible for the recipient to say, yes, that's > what you did, the recipient still has to make up its own rules about what > transformations it likes, probably including body filtering of new parts. > Are these not well-defined rules, in the same vein that canonicalizations are? That's certainly the intent here. The existing "relaxed" canonicalizations spell out a bunch of things you do to the content before you compute the hashes. That's all these do as well. It's more involved, to be sure, but in the end you're just trying to figure out if the "d=" domain took responsibility for the content. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
