On Tue, Apr 21, 2020 at 09:54:17AM +0200, Gero wrote in <20200421075417.gv11...@innocircle.com>:
One thing, though: use base36, not base64 - as recommended in [0].
Base64 only saves 4 characters and you don't necessarily need to put all
160 bits of the sha1 into the Message-ID.

Also agreed.

As the standard says, if there is software treating MessageId as
case-insensitive, this shouldn't be exploited.

I used Base64 in one of my proposed patches as there we can easily re-use the functions already part of Mutt to do this. I note that RFC822 says that the case in the Message-ID should be preserved. Even if there are some non-standards-conforming software implementations out there, I still think that potential issue would be so small that it can be ignored completely. It becomes a trade-off between ease of implementation and saving a few bytes, which I don't feel too strongly about either way.

Kind regards,

Remco
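The trade-off discussed in this message, as an added C example that is not part of the original e-mail and is not code from Mutt or from the patches mentioned: it encodes a 160-bit digest in base36 and in unpadded base64, then checks whether two different digests yield the same ID once a case-insensitive system folds the case. The function names, the fixed-width zero-padded base36 layout and the two sample digests are assumptions constructed for the illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define DIGEST_LEN 20 /* SHA-1 digest: 160 bits */
#define B36_LEN 31    /* 36^31 > 2^160 > 36^30, so 31 digits, zero-padded */

/* Constructed digests (not real SHA-1 output) that differ only in byte 0. */
const uint8_t SAMPLE_A[DIGEST_LEN] = {0x00, 0x5a, 0xc3};
const uint8_t SAMPLE_B[DIGEST_LEN] = {0x68, 0x5a, 0xc3};

/* Fixed-width base36 (0-9a-z): long division of the big-endian digest by 36. */
void base36_encode(const uint8_t *in, char *out) {
    uint8_t num[DIGEST_LEN];
    int pos, i;
    memcpy(num, in, DIGEST_LEN);
    for (pos = B36_LEN - 1; pos >= 0; pos--) {
        unsigned rem = 0;
        for (i = 0; i < DIGEST_LEN; i++) {
            unsigned cur = rem * 256 + num[i];
            num[i] = (uint8_t)(cur / 36);
            rem = cur % 36;
        }
        out[pos] = "0123456789abcdefghijklmnopqrstuvwxyz"[rem];
    }
    out[B36_LEN] = '\0';
}

/* Unpadded base64 (27 chars for 20 bytes): 6 bits at a time from an accumulator. */
void base64_encode(const uint8_t *in, char *out) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0, bits = 0, n = 0, i;
    for (i = 0; i < DIGEST_LEN; i++) {
        acc = (acc << 8) | in[i];
        for (bits += 8; bits >= 6; bits -= 6)
            out[n++] = tbl[(acc >> (bits - 6)) & 63];
    }
    if (bits) out[n++] = tbl[(acc << (6 - bits)) & 63];
    out[n] = '\0';
}

/* 1 if both digests yield the same ID once a case-insensitive system folds it. */
int folds_equal(const uint8_t *a, const uint8_t *b, int use_b64) {
    char ea[32], eb[32];
    int i;
    (use_b64 ? base64_encode : base36_encode)(a, ea);
    (use_b64 ? base64_encode : base36_encode)(b, eb);
    for (i = 0; ea[i] || eb[i]; i++)
        if (tolower((unsigned char)ea[i]) != tolower((unsigned char)eb[i])) return 0;
    return 1;
}
```

With these samples the base64 forms differ only in their first character (`A` versus `a`), so they compare equal after case folding, while the base36 forms stay distinct at a cost of 31 characters instead of 27.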
