On 5/16/2011 9:00 AM, John R. Levine wrote: > The point of relaxed canonicalization was to deal with the kind of small > changes that dusty copies of sendmail make, not to handle every possible > message mutation that more or less renders the same.
The underlying concern here actually is pretty reasonable: Variations that do not affect the appearance or semantics of a message could reasonably still permit a signature to verify. The problem is that the working group was not able to develop a... workable... canonicalization algorithm to achieve this complete robustness. In the extreme, this is a research topic. Certainly it is a delicate engineering tasks, since too much robustness against change can easily introduce security holes. But, then, that's why the working group debate the issue so extensively and the result did gain working group consensus. Since the list of algorithms is defined to be extensible, anyone feeling that an additional algorithm is warranted is free to define it and seek community consensus for it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html