> On 07 Jun 2016, at 09:43, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > > Hi Joerg, > > Reading from the RFC http://dkim.org/specs/rfc4871-dkimbase.html I saw this: > > > "Signers SHOULD choose canonicalization algorithms based on the types > of messages they process and their aversion to risk. For example, > e-commerce sites sending primarily purchase receipts, which are not > expected to be processed by mailing lists or other software likely to > modify messages, will generally prefer "simple" canonicalization. > Sites sending primarily person-to-person email will likely prefer to > be more resilient to modification during transport by using "relaxed" > canonicalization." > > > It appears that filter-dkim-signer is using simple/simple, and not > relaxed. In practice, what do you think of the RFC's advice? Will > simple canonicalization really be no good for person-to-person email? > Do you know real life situations in which DKIM will fail as a result > of innocuous modification? Or have these issues been worked out now, > and simple canonicalization is okay for all purposes?
Sorry, but I do not use DKIM, so I have no idea. Sunil, the author of filter-dlim-signer might be able to answer your questions. > Regards, > Jason > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org