>> In retrospect, it probably would have been better only to provide
>> simple and tell people more firmly to do the signing after and the
>> checking before any local modification.
>
> That implies hop to hop rather than end to end. What would the
> advantage over SPF be then?

The fact that most hops don't break even simple signatures. We went
through all this in 2006 (RFC 4686) and I don't see any reason to
revisit it now.

>> Perhaps Murray has data that says whether relaxed verifies much more
>> often than simple does.
>
> Yes, http://www.opendkim.org/stats/report.html#hdr_canon says
>
> Header canonicalization use:
> canonicalization    count    domains    passed
> simple              653688   6786       591938
> relaxed             3940377  56621      3640854
>
> Although they only differ by 2% (90% simple vs 92% relaxed), such
> percentages would be superb for tools like Spamassassin. I'd expect
> at least 99% from a cryptographic tool.

This tells me that the benefit from relaxed is at most pretty small.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
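
As background to the simple versus relaxed header canonicalization figures quoted in the message above, the following is an added example, not part of the original message and not OpenDKIM code. It applies the two header canonicalizations from RFC 6376 sections 3.4.1 and 3.4.2 to one header field and reports which in-transit rewrites leave the canonical form (and therefore the signed hash input for that field) unchanged. The `survives` helper and the Subject headers are constructed for illustration.

```python
import re

def canon_simple(field: str) -> str:
    """RFC 6376 section 3.4.1: the header field is used exactly as received."""
    return field

def canon_relaxed(field: str) -> str:
    """RFC 6376 section 3.4.2: lowercase the name, unfold, collapse whitespace."""
    name, _, value = field.partition(":")
    value = re.sub(r"\r\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)         # each run of WSP -> one SP
    value = value.rstrip("\r\n").strip(" \t")     # drop WSP around the value
    return name.strip(" \t").lower() + ":" + value + "\r\n"

def survives(signed: str, received: str) -> dict:
    """Hypothetical helper: would this one field still hash to the same input?

    A real verifier hashes all signed fields plus the DKIM-Signature field;
    comparing one field's canonical form isolates the canonicalization effect.
    """
    return {
        "simple": canon_simple(signed) == canon_simple(received),
        "relaxed": canon_relaxed(signed) == canon_relaxed(received),
    }

# Constructed sample: the field as signed, then three versions a later hop
# might deliver.
SIGNED = "Subject: Quarterly report follow-up\r\n"
RECEIVED = {
    "untouched": "Subject: Quarterly report follow-up\r\n",
    "refolded": "Subject: Quarterly report\r\n follow-up\r\n",
    "name case changed": "SUBJECT: Quarterly report follow-up\r\n",
    "list tag added": "Subject: [list] Quarterly report follow-up\r\n",
}

if __name__ == "__main__":
    for label, field in RECEIVED.items():
        print(f"{label:18} {survives(SIGNED, field)}")
```

Only the whitespace and case rewrites separate the two algorithms; a change to the header's content fails under both.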