+1 to Scott's comment (killing l= in the simplest possible way). I don't think that change necessarily will drive senders to change their implementations (as we're already seeing some stop using l= already), but I think it makes sense to have the RFC take a stronger stance and outright remove support for l= over just calling out the risks with using it.
/E On Fri, May 24, 2024 at 4:14 PM John R Levine <[email protected]> wrote: > According to Scott Kitterman <[email protected]>: > >Honestly, I think l= is an idea whose time has passed (if it ever existed > at all). We ought to just kill it using the simplest > >procedural mechanism available. > > We can do an update to deprecate l= but I think that if we just adjusted > our validation software to ignore l= the failure rate would be vanishingly > low. > > The ESP that was using l=1 has stopped. Ironport systems sign the entire > body and set l= to the body length, so even if you ignore the l=, the > signature on an unmodified message will still validate. > > R's, > John > > _______________________________________________ > Ietf-dkim mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
