[ietf-dkim] editorials and nits

John Levine johnl at iecc.com
Tue Jul 4 11:58:59 PDT 2006


>First of all, happy 4th of July.  For some unknown reason Switzerland
>doesn't celebrate it.

As I understand it, they couldn't get the paperwork approved.

>>> #11 3.4.5, end of 1st informative note: s/ignore the tag/ignore
>>> content after the indicated length/ Reason - if they ignore the tag
>>> then they won't verify the signature.
>>
>> Actually, in our early discussion over this we actually did mean that
>> the verifier can simply ignore the tag, and yes, it won't verify. Some
>> people deemed that to be a feature, not a bug.
>
>In the "Horses not Zebras" department what's the best wording?

We still have some fairly basic disagreements about the utility, if
any, of the l= field.

If you want a consensus statement, I'd say that l= permits the sender
to indicate that there may be unsigned material after the end of the
signed body and leave it at that.  

I would not be eager to leave in the advice on ways to make it harder
for bad guys to do bad things by adding hostile MIME content after the
signed part.  We don't understand the attack routes very well and I
wouldn't want to create the impression that if senders follow our
advice, then l= is "safe".

R's,
John
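
The two verifier behaviours discussed in this thread, as an added example that is not part of the original message: a body-hash check that either honors l= and reports how many bytes fall outside the signature, or ignores the tag so that a body with trailing material does not verify. It assumes "simple" body canonicalization and SHA-256; the function names and the sample body are constructed for illustration.

```python
import base64
import hashlib


def simple_body(body):
    """DKIM "simple" body canonicalization: the body ends in exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body, l=None):
    """Base64 SHA-256 of the canonicalized body, truncated to l bytes if l is given."""
    canon = simple_body(body)
    if l is not None:
        if l > len(canon):
            raise ValueError("l= exceeds the canonicalized body length")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


def check_body(body, bh, l=None, honor_l=True):
    """Return (hash_matches, unsigned_bytes) for a received body.

    honor_l=True  : hash only the first l bytes and count what lies after them.
    honor_l=False : ignore the tag and hash the whole body, so any material
                    added after the signed part makes the check fail.
    """
    canon = simple_body(body)
    if l is None or not honor_l:
        return body_hash(body) == bh, 0
    if l > len(canon):
        return False, 0
    return body_hash(body, l) == bh, len(canon) - l


# Constructed sample: the signer covers the whole 14-byte body with l=14.
SIGNED = b"Hello\r\nworld\r\n"
L_TAG = len(simple_body(SIGNED))
BH = body_hash(SIGNED, L_TAG)

# The same body as received, with constructed text added after the signed part.
RECEIVED = SIGNED + b"appended text\r\n"

if __name__ == "__main__":
    print("honor l= :", check_body(RECEIVED, BH, L_TAG))
    print("ignore l=:", check_body(RECEIVED, BH, L_TAG, honor_l=False))
```

A nonzero second value in the honoring case is the only signal that the message carries content the signature says nothing about.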

