[ietf-dkim] Ticket 23 -- l= and Content-type

[Dave CROCKER]

Two quick reactions about the first part of the ticket:

    1. This is just a variant of the basic hole created by use of l=

    2. The premise that having the l= go to a multipart boundary somehow 
increases security is simply wrong.  More generally, the idea that one or 
another tidbit might tighten things a bit, l= opens such a huge door, the small 
tidbits don't matter.


As for the second part, with or without Content-Type, messing with the message 
in any interesting way will break the signature.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net