[ietf-dkim] Lists "BCP" draft available
Murray S. Kucherawy
msk at cloudmark.com
Sun Jul 25 02:36:11 PDT 2010
Going back through a few months of mail on the flight to IETF, preparing to post an update to this draft...
The intent of that paragraph is actually not to encourage use of "l=", but rather just to include it in the discussion. An MLM designer will probably want to try "l=" to solve this problem but may not be aware of the implications of its use, so it just points the reader back to the warning about it in RFC4871.
For non-MIME mail, though, isn't a basic text append the way to do it?
From: Serge Aumont [mailto:serge.aumont at cru.fr]
Sent: Tuesday, May 11, 2010 7:38 AM
To: Murray S. Kucherawy
Cc: ietf-dkim at mipassoc.org
Subject: Re: [ietf-dkim] Lists "BCP" draft available
At last, another idea usefulness is that draft in :
"A possible mitigation to this incompatibility is use of the "l=" tag to bound the portion of the body covered by the body hash, but this has security considerations (see Section 3.5 of [DKIM])."
The "l=" tag is one of the worth idea of DKIM if introduced because of message body footer added by some MLM. MLM must not add anything after the end of a message because this break Mime content. When adding a footer, MLM should add an extra mime part, and this often require to modify mime headers. So "l=" tag should not ne considered as an efficient way to protect DKIM signature.
I known that the problem is comming from rfc-4871 but I propose to remove this sentence from this draft.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ietf-dkim