15 Aug
2009
15 Aug
'09
5:03 a.m.
On Aug 14, 2009, at 8:39 PM, WJCarpenter wrote:
These days, standardized digitial signature schemes take into
account legal transformations that can happen during message
transmission. Most of them have a canonicalization formula so that
things still work. However, in early days, various schemes didn't
take that into account. Luckily, MTAs typically didn't rearrange
anything even if they were legally allowed to.
Are you sure that really works with e.g. PGP signatures? A quick look
at RFC 3156 seems to say that the data inside multipart/signed really
shouldn't be touched in any way.