[ietf-dkim] who's using l=
steve at wordtothewise.com
Mon Jun 1 08:56:01 PDT 2009
On Jun 1, 2009, at 8:23 AM, Barry Leiba wrote:
> John says...
>> Related question: whether or not you sign with l=, does anyone have
>> any software that does anything with l= other than use it to decide
>> how much of the body to check? Anyone seen an MUA that uses it to
>> manage message display? A spam filter that uses l= in its secret
>> sauce? Any use of l= at all?
> I think this is an important question for us to answer as we decide
> what to do with it in 4871bis work, and I'd like to see some answers
> either way (including "We don't sign with it.") I'd especially like
> to hear what verifiers do if it's present and it doesn't cover the
> whole message: what do you do with the part of the message past the
> specified length?
> So, please, don't be silent on this thread. But also, please only
> talk about what implementations *are doing*, not what they might
> hypothetically do. Thanks.
If we see a message that's signed with l= then we treat it as unsigned
If l= usage becomes common we'll probably treat the case where
l= the actual length of the message as validly signed and any
other l= value as unsigned.
We're not doing anything particularly clever with DKIM identities,
though, just using them as a key to a domain based whitelist to
enable some automated handling of inbound email (FBL handling,
primarily) and enabling rendering email with risky renderers (html,
pdf) by default
More information about the ietf-dkim