> The underlying concern here actually is pretty reasonable: Variations that do > not affect the appearance or semantics of a message could reasonably still > permit a signature to verify.
Oh, sure, but we also traded off the cost of handling changes and how common they are. For example, old copies of sendmail often add an extra blank line at the bottom of a message. That's common (or at least, was common), and easy to deal with, and is the kind of thing that relaxed handles. The variety of MIME rewrites is so vast that I don't see any hope of handling a usefully large set of them, so I'm not inclined to try. If you really really really want your signature to verify, after signing the message, turn it info a base64 encoded message/rfc822 mime part, wrap another message around it, and unwrap it before verifying. That works with S/MIME, too. Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
