On Aug 14, 2009, at 8:39 PM, WJCarpenter wrote:
These days, standardized digitial signature schemes take into account legal transformations that can happen during message transmission. Most of them have a canonicalization formula so that things still work. However, in early days, various schemes didn't take that into account. Luckily, MTAs typically didn't rearrange anything even if they were legally allowed to.
Are you sure that really works with e.g. PGP signatures? A quick look at RFC 3156 seems to say that the data inside multipart/signed really shouldn't be touched in any way.