[ietf-dkim] editorials and nits
Eric Allman
eric+dkim at sendmail.org
Fri Jul 7 13:25:46 PDT 2006
--On July 4, 2006 6:58:59 PM +0000 John Levine <johnl at iecc.com> wrote:
> ...
>
> If you want a consensus statement, I'd say that l= permits the
> sender to indicate that there may be unsigned material after the
> end of the signed body and leave it at that.
>
> I would not be eager to leave in the advice on ways to make it
> harder for bad guys to do bad things by adding hostile MIME content
> after the signed part. We don't understand the attack routes very
> well and I wouldn't want to create the impression that if senders
> follow our advice, then l= is "safe".
Actually the intent of the wording is to make it clear to the reader
that the l= option is /not/ safe in the general case.
eric
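The point of the exchange above, shown from the verifier's side as an added example that is not part of either post: with l= set, the body hash covers only the first l octets, so a verifier can measure how much of the received body the signature does not cover. It assumes "simple" body canonicalization and SHA-256; the function names and the sample bodies are hypothetical and constructed for illustration.

```python
import base64
import hashlib


def canon_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes, l=None) -> str:
    """Base64 SHA-256 of the canonicalized body, truncated to l octets when l= is present."""
    canon = canon_simple(body)
    if l is not None:
        if l > len(canon):
            # A signature claiming more octets than the body has cannot verify.
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:l]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def unsigned_octets(body: bytes, l=None) -> int:
    """Number of canonicalized body octets that the signature does not cover."""
    if l is None:
        return 0
    return len(canon_simple(body)) - l


# Constructed sample: the body as signed, and the same body with text added after it.
SIGNED_BODY = b"Dear customer,\r\nYour invoice is attached.\r\n"
RECEIVED_BODY = SIGNED_BODY + b"-- text appended after the signed part --\r\n"
L_TAG = len(canon_simple(SIGNED_BODY))  # value the signer would put in l=

if __name__ == "__main__":
    # Same hash for both bodies: the l= check alone does not notice the appended text.
    print(body_hash(SIGNED_BODY, L_TAG) == body_hash(RECEIVED_BODY, L_TAG))
    # A verifier that reports the uncovered tail lets local policy treat it as unsigned.
    print(unsigned_octets(RECEIVED_BODY, L_TAG), "octets outside the signature")
```

A nonzero result from `unsigned_octets` is the signal that part of the message carries no signature at all, whatever the body hash comparison says.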