Going back through a few months of mail on the flight to IETF, preparing to post an update to this draft...
The intent of that paragraph is actually not to encourage use of "l=", but rather just to include it in the discussion. An MLM designer will probably want to try "l=" to solve this problem but may not be aware of the implications of its use, so it just points the reader back to the warning about it in RFC4871. For non-MIME mail, though, isn't a basic text append the way to do it? From: Serge Aumont [mailto:[email protected]] Sent: Tuesday, May 11, 2010 7:38 AM To: Murray S. Kucherawy Cc: [email protected] Subject: Re: [ietf-dkim] Lists "BCP" draft available [...] Section 3.4 At last, another idea usefulness is that draft in : "A possible mitigation to this incompatibility is use of the "l=" tag to bound the portion of the body covered by the body hash, but this has security considerations (see Section 3.5 of [DKIM])." The "l=" tag is one of the worth idea of DKIM if introduced because of message body footer added by some MLM. MLM must not add anything after the end of a message because this break Mime content. When adding a footer, MLM should add an extra mime part, and this often require to modify mime headers. So "l=" tag should not ne considered as an efficient way to protect DKIM signature. I known that the problem is comming from rfc-4871 but I propose to remove this sentence from this draft. Serge Aumont
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
