[ietf-dkim] 1193 considered harmful
Barry Leiba
leiba at watson.ibm.com
Tue Mar 21 15:43:19 PST 2006
>> It does not break current implementations though. As Murray
>> and Arvel's implementations can attest.
>
> Again, I didn't say your "X=" broke anything. I said that it
> requires a change in the signer and verifier in order to detect
> which of the header or body broke the signature.
Well, but that's irrelevant. Mike's (correct) point is that if the
verifier doesn't care about the new information provided, the verifier
doesn't have to change. With the proposal on the table, all verifiers
would have to migrate.
I agree, though, that since the verifiers have to migrate anyway (to
SHA-256), I think this is a less-than-compelling reason not to do this.
The "slippery slope" reason is more compelling.
Barry
--
Barry Leiba, Pervasive Computing Technology (leiba at watson.ibm.com)
http://www.research.ibm.com/people/l/leiba
http://www.research.ibm.com/spam
More information about the ietf-dkim
mailing list