>> This is a very, very brief document that is targeted to obsolete RFC 1652.
>
> Please note that there hasn't been any reports of security issues with this
16 year old specification.
RFC 4871 is of 2007 and reports an issue with it. Section 5.3
practically says that 8bit SHOULD NOT be used. I'm not sure whether
this is a security consideration that would incarnate Stephen's
concern (also because, since the "relaxed" Header Canonicalization
Algorithm does not take into account quotes, /any/ rfc2045 extension
token breaks those signatures, not just 8BITMIME.)
It's hardly the 8bitMIME extension's fault that DKIM is misdesigned - It isn't
at all difficult to define a signature mechanism capable of surviving encoding
changes. The DKIM group simply chose not to do it, making a design tradeoff
that severely limits DKIM's applicability.
Ned
_______________________________________________
yam mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/yam
