It appears that Phillip Tao <[email protected]> said:
>1. Easier to implement - By sharing much of the underlying technology with a
>widely deployed (or rather, hopefully-soon-to-be-widely-deployed)
>authentication mechanism in DKIM2, it will be easier for both senders and
>receivers to adopt.
>Similarly, implementors do not have to worry about cases like the inner
>headers not matching outer headers.

But, as I explained in the previous message, there is nothing to share. The headers for the unobtrusive signatures are inside a MIME part so they're inside the message body and do not get canonicalized by DKIM.

>2. Explicit compatibility with DKIM2 - Ideally, these signatures should not be
>broken by intermediate hops that conform to DKIM2's diff algebra. By
>explicitly sharing the same canonicalization and signing scheme as DKIM2,
>this would guarantee compatibility with the DKIM2 ecosystem.

But the signatures are on a message mapped in a MIME part which will either be there or it won't. It is hard to imagine a realistic situation where there would be a change described by diff algebra that would affect the insides of the signed MIME part.

>3. No MIME structure alteration - These signatures are meant to be
>"unobtrusive". Part of that too, IMO, is that there's absolutely no impact on
>how the message is treated by the receiving MTA and MUA, regardless of the
>MUA's support for this scheme. From the draft/DKG's presentation in Madrid,
>it seems like this draft has been fairly well tested already, and seems
>compatible. However, it's obviously infeasible to test all existing MUAs, not
>to mention future versions of MUAs. There's significantly less risk of errant
>MUA behavior if the actual message body does not need to have a different
>MIME structure to support this signature scheme. This also simplifies
>interaction with things like Structured Email, in which certain MIME
>structures signal certain cases.

DKIM is, at least at the moment, oblivious to MIME. We've had some thoughts about signing MIME parts separately, but I still don't think that matters here since the DKIM2 signatures would be unrelated to the PGP signatures you're using.

>DKIM signatures can sign other headers. For DKIM2, I believe there's a
>proposal to just always sign all headers.

Perhaps, but since the headers you care about are inside a MIME part, it's irrelevant.

I am not opposed to doing things in a common way where it makes sense, but I still do not see how these MIME wrapped PGP signatures are like DKIM signatures other than that they use the word "signature".

R's,
John
