<cisco hat on> Unfortunately, with signers in data centers throughout the world (this message was signed in Amsterdam), it looks like it'll be quite a while before Cisco is signing with v=1. It sounds like there was a canonicalization change (which I completely forgot about) between v=0.5 and v=1. I'll need to look that up.
Implementing old canonicalization schemes seems onerous, but I wonder if it would be possible to just provide an option to be more permissive about the version numbers. That way, if the canonicalization change only affects some messages/canonicalizations, it might be possible to verify some additional messages. I doubt that it would open any significant exploits.

-Jim
</cisco hat>

Murray S. Kucherawy wrote:
> On Mon, 17 Sep 2007, Todd Lyons wrote:
>
>> Is it safe to assume that it's complaining about the 'v=0.5' in the
>> signature, or is there more to it than that?
>>
>
> That's precisely it. The implementation doing the signing there is using
> the version number we had in the drafts prior to the RFC being issued.
>
> When I re-did all of the canonicalization stuff, it became far too complex
> to maintain support for older versions, so out it went.

_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
