[ietf-dkim] ISSUE: tag l=2 and dealing with leading blank lines for SIMPLE c14n.
johnl at iecc.com
Wed Jan 24 09:57:32 PST 2007
>> If the signer wants to make sure that messages are not subject to
>> "append attacks", they shouldn't use l=. Use the default.
>IIRC, every time someone brings up l= problems, the response is don't use it.
>Is there a problem it solves that we need it? If it's inherently risky and
>should not be used, I'm wondering if it should even be in the RFC?
Personally, I have never thought that l= would be useful, but I was
willing to leave it in the draft for the benefit of people who want to
try it out. This document is in last call, it is nuts to propose
opening it up to add yet more untried features of at most debatable
-99 to any proposed new features
More information about the ietf-dkim