[ietf-dkim] mailing lists and -base

Jim Fenton fenton at cisco.com
Tue Mar 28 09:01:32 PST 2006


Bill.Oxley at cox.com wrote:
> Is signing the body at all an essential requirement? Yes, some potential
> risk for a replay attack but otherwise "whoami I sent this" should be
> sufficient for some providers,
>
As long as people support the l= tag, they could use l=0 to not sign the
body.  This capability has been cited as a reason to get rid of l=
because it facilitates such "dangerous" behavior.  IMO, if they want to
sign such messages, and recipients want to accept them, let them do that.

-Jim
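
Added example, not part of the original post: a sketch of how l= limits the body hash, so a recipient can see how much of a body a signature covers before deciding whether to accept it. It assumes the bh= body-hash tag and "simple" body canonicalization as later specified in RFC 6376, covers only the body-hash step (not the RSA signature over headers), and uses constructed messages and tag values.

```python
import base64
import hashlib

def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body

def body_hash(body: bytes, l=None) -> str:
    """Base64 SHA-256 over the canonicalized body, truncated to l octets if l is given."""
    data = canon_body_simple(body)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_tags(value: str) -> dict:
    """Parse a DKIM-Signature tag=value list; split on the first '=' only (base64 padding)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def body_coverage(sig_value: str, body: bytes) -> dict:
    """Report whether bh= matches and how many body octets fall outside the signature."""
    tags = parse_tags(sig_value)
    canon = canon_body_simple(body)
    l = int(tags["l"]) if "l" in tags else None
    if l is not None and l > len(canon):
        # Signature claims more body than was received: body hash cannot match.
        return {"bh_ok": False, "signed": 0, "unsigned": len(canon)}
    signed = len(canon) if l is None else l
    return {"bh_ok": body_hash(body, l) == tags.get("bh"),
            "signed": signed, "unsigned": len(canon) - signed}

# Constructed sample data (example.com and selector "sel" are placeholders).
ORIGINAL = b"Quarterly numbers attached.\r\n"
ALTERED = b"Completely different text.\r\n"
PREFIX = "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel; "
SIG_L0 = PREFIX + "l=0; bh=" + body_hash(ORIGINAL, 0)
SIG_FULL = PREFIX + "bh=" + body_hash(ORIGINAL)

if __name__ == "__main__":
    for name, sig in (("l=0", SIG_L0), ("full body", SIG_FULL)):
        print(name, "vs altered body:", body_coverage(sig, ALTERED))
```

With l=0 the body hash is the hash of zero octets, so it matches whatever body arrives; the "unsigned" count is what a recipient's acceptance policy would look at.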

