[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DKIM: c=simple is aspirational
--- Michael Thomas <mike@xxxxxxxx> wrote:
> you're missing one use case of simple which doesn't have an
> dependencies on aspirations: the case were a signer would rather
> the signature break -- with even the possibility of discard.
> For example, statements@xxxxxxxxxxx probably does not want anything
> monkeyed with their statement, and is willing to tolerate the
> risk of manglers.
Ahh yes. Good point. I keep forgetting that. The other point is that *any*
canonicalization that allows
removal or replacement has *some* risk of abuse. If it turns out that a
deployed "nowsp" is vulnerable, we have a choice of a fork-lift upgrade to
introduce a safer canonicalization - if that is the only canonicalization
available, or a config upgrade to switch to "simple" if we deploy with multiple