On 17/May/11 16:45, Ian Eiloart wrote:
> However if some of the messages were never properly signed (whether
> failed attempts to spoof, or administrative or technical failure),
> then that 20% must be higher. It could even represent 100%
> reduction in false negatives due to (otherwise benign) in-flight
> modifications.
Actually, those figures don't even distinguish between failures due to signature comparison and earlier errors, such as body-hash mismatch or invalid key. To run the test properly we'd need to put two DKIM-Signatures with different canonicalizations on each message.

I don't know what is going to happen with EAI and YAM, but one day we'll have utf-8 in the header as well as in the body. As it would be very clumsy to insist on 7-bit normalizations at that point, I think there will be a new revision; presumably, the next one after 4871bis.

If we have some test results of a new canonicalization at that time, showing, say, 95%~98% "pass", the new canonicalization can be included in such a future DKIM revision. That would be a significant improvement, wouldn't it?
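An added illustration, not part of the original message: the body-hash stage of the comparison discussed above, using the two body canonicalizations RFC 4871 already defines ("simple" and "relaxed"). The sample bodies and the `survives` helper are constructed for this example; header canonicalization and the signature check itself are left out.

```python
import base64
import hashlib
import re


def canon_body_simple(body: bytes) -> bytes:
    # "simple": ignore empty lines at the end of the body; the result
    # always ends in exactly one CRLF (an empty body becomes a lone CRLF).
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_body_relaxed(body: bytes) -> bytes:
    # "relaxed": collapse each run of SP/TAB to one SP, drop whitespace at
    # line ends, then ignore empty lines at the end of the body.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    # Value a signer would place in the bh= tag (sha256 assumed here).
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def survives(signed: bytes, received: bytes) -> dict:
    # For each canonicalization, does bh= computed at signing time still
    # match the body as received? A False here is a body-hash mismatch,
    # which is a different failure from a bad signature or an invalid key.
    return {name: body_hash(signed, c) == body_hash(received, c)
            for name, c in (("simple", canon_body_simple),
                            ("relaxed", canon_body_relaxed))}


if __name__ == "__main__":
    signed = b"Hello  world\r\nSecond line\r\n"          # constructed sample
    in_flight = {                                         # constructed samples
        "trailing space added": b"Hello  world \r\nSecond line\r\n",
        "blank lines appended": signed + b"\r\n\r\n",
        "list footer appended": signed + b"-- \r\nlist footer\r\n",
    }
    for label, received in in_flight.items():
        print(f"{label:22} {survives(signed, received)}")
```

Counting these per-canonicalization results over the same set of messages gives the comparison the message asks for, with body-hash mismatches tallied separately from later verification failures.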