Dave CROCKER wrote: > > On 5/25/2011 9:59 AM, John Levine wrote: >>> The idea is to anticipate any unknown signature breaker. >> I'm pretty sure that's specifically out of scope. >> >> And I promise that whatever you do, short of wrapping the whole >> message in opaque armor, I can come up with something that will >> break it. > > One might have a goal of attempting to be robust against all forms > of potential breakage. > > That's not likely to be the goal of this sort of exercise. Rather, it > will be to choose a set of particular types of breakage, ignoring others. > For an effort like that, it is not meaningful to come up with additional > types of breakage, since there is no attempt to cover such additional > examples. >
Dave, While one reasonably understand the statement for feasibility, I have trouble with the vexing conflict exhibited when picking your battles yet a particular skirmish (i.e. a particular mail stream) is not part of the general solution. For example, IETF-SMTP, when 100% of signing domain participating in such a list constantly fails due to minute transparent changes, and it includes your own domains, one tends to be more interested in looking for a solution because it will water down the branding of your domains. IOW, the idea of mixed results does not help DKIM when it all falls under the same category. The list that does not change anything about the message except adds a footer is the principle reason that gives life to the "l=" tag and for domains to use it for a list known to add only a footer. For targeted list addresses I am a member of, I have my signer setup to: - use "l=" - do not sign the "Subject:" header So we did our job here. The only problem is the list that adds a <CRLF> to the top of the message. Sure, we are presuming this is a BUG and most likely is, but it could be a simple matter that the list operator had an EMPTY TopHeader file but has 2 bytes only in it <CRLF>. So we don't know what's actually going on. But rest assured, we (well, I did) did not pay attention to the extra TOP <CRLF>, only the extra BOTTOM <CRLF> potential. I see that you are not signing your mail for IETF-SMTP. I am and as well as others. Why is that not generally important? It is actually one of the simpler C14N issues to deal with. It may be minor, but it still an issue for a LIST that DKIM mail passes thru. I feel should be part of a DKIM C14N consideration and also an MLM awareness issue, not necessary for my sake but for DKIM sake. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html