[ietf-dkim] Reading the entrails, was Moving to consensus
steve at wordtothewise.com
Mon Mar 23 07:37:06 PDT 2009
On Mar 23, 2009, at 7:19 AM, Eliot Lear wrote:
> On 3/23/09 1:49 PM, John R. Levine wrote:
>> The reason that l= was a bad idea is that it changes the answer to
>> the question of whether a message is signed from "yes" to "sort of". The
>> less sort-of, the better.
> I'm sorry - in the plethora of email that is this list, I missed your
> position on l=. I take it from your note that it should be required
> not at all?
Use of l= allows anyone to copy the message, replace the content
with their own, and resend it without breaking the signature. (There
may be cases where they can't do that, but there are certainly cases
where they can.)
It's the existence of it that's a bad idea. The sole redeeming feature
is that it's optional, and so receivers can treat any signature with l=
as invalid, with no risk of affecting mail sent by competent senders.
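
Added example, not part of the original message: a receiver-side body check in Python showing that a body hash computed under l= still matches after octets are added past the signed length, and the policy described above of treating any signature carrying l= as invalid. It assumes c=simple body canonicalization and SHA-256, checks only the bh= value (not the b= signature over the headers), and the function names, sample bodies and the example.com signature values are constructed for illustration.

```python
import base64
import hashlib
import re

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature tag-list (tag=value; ...) into a dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # unfold whitespace
    return tags

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: exactly one trailing CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes, limit=None) -> str:
    data = canon_simple(body)
    if limit is not None:
        data = data[:limit]  # l= hashes only the first `limit` octets
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def check_body(sig_value: str, body: bytes) -> dict:
    """Receiver-side body check; 'accept' applies the reject-on-l= policy."""
    tags = parse_tags(sig_value)
    total = len(canon_simple(body))
    limit = int(tags["l"]) if "l" in tags else None
    in_range = limit is None or limit <= total
    bh_ok = in_range and body_hash(body, limit) == tags.get("bh")
    unsigned = total - limit if (limit is not None and in_range) else 0
    return {"bh_ok": bh_ok, "unsigned_octets": unsigned,
            "accept": bh_ok and limit is None}

# Constructed sample data (not from the original post).
ORIGINAL = b"Quarterly report attached.\r\n"
TRAILER = b"Text added after signing.\r\n"
EXTENDED = ORIGINAL + TRAILER
BASE = "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel; h=from:subject; "
SIG_L = BASE + f"l={len(ORIGINAL)}; bh={body_hash(ORIGINAL, len(ORIGINAL))}; b="
SIG_FULL = BASE + f"bh={body_hash(ORIGINAL)}; b="

if __name__ == "__main__":
    for name, sig in (("with l=", SIG_L), ("without l=", SIG_FULL)):
        for label, body in (("original", ORIGINAL), ("extended", EXTENDED)):
            print(name, label, check_body(sig, body))
```

The unsigned_octets field is what a receiver would log: it is the amount of body the signature says nothing about.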