[ietf-dkim] 23 again (sorry John) was Output summary - proposing ODID "Originating Domain Identity"
Murray S. Kucherawy
msk at cloudmark.com
Thu May 5 23:27:02 PDT 2011
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Barry Leiba
> Sent: Thursday, May 05, 2011 1:55 PM
> To: John R. Levine
> Cc: ietf-dkim at mipassoc.org; Alessandro Vesely
> Subject: Re: [ietf-dkim] 23 again (sorry John) was Output summary - proposing ODID "Originating Domain Identity"
> We certainly could deprecate it, and add something that says that
> verifiers MAY consider a signature for which l= is less than the full
> message length to fail verification. Such a change should have been
> proposed earlier in the process, but I won't consider it out of scope
> if we have consensus to do that now.

As I recall the document does say something like "acceptable to the verifier" and this is one of several local verifier policy examples that it was meant to cover. (Another, for example, is "Subject: wasn't included in the hash" which is an option in at least two implementations.) I'm fine leaving it like that, or perhaps creating another appendix that lists common scenarios in this realm.

> And, of course, we can always add non-normative advice somewhere (but
> I suggest NOT in 4871bis) that evaluation systems that use DKIM should
> check l= against the message length when deciding what to do.
Anyone sufficiently passionate about "l=" being deprecated can do that through other venues if we don't want to take that work up here.
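
The check suggested in the quoted text, comparing l= against the length of the canonicalized body, could look like the following. This is an added example, not part of the original message and not code from any DKIM implementation; the function names, verdict strings, signature value and bodies are constructed for illustration, and what to do with a "partial" verdict is left to local verifier policy.

```python
import re

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def canonicalize_body(body: bytes, algo: str) -> bytes:
    """DKIM body canonicalization, "simple" or "relaxed"."""
    lines = body.split(b"\r\n")
    if algo == "relaxed":
        # collapse whitespace runs, strip whitespace at end of each line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end of the body are ignored
        lines.pop()
    if not lines:
        return b"" if algo == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def check_l_coverage(sig_value: str, body: bytes):
    """Return (verdict, unsigned_octets) describing what l= leaves unsigned."""
    tags = parse_tags(sig_value)
    if "l" not in tags:
        return ("no-l", 0)              # whole body is covered by the body hash
    if not re.fullmatch(r"[0-9]+", tags["l"]):
        return ("invalid", 0)
    c = tags.get("c", "simple/simple")
    body_algo = c.split("/", 1)[1] if "/" in c else "simple"  # body defaults to simple
    canon_len = len(canonicalize_body(body, body_algo))
    signed = int(tags["l"])
    if signed > canon_len:
        return ("invalid", 0)           # l= claims more octets than the body has
    if signed < canon_len:
        return ("partial", canon_len - signed)  # content follows the signed part
    return ("full", 0)

# Constructed sample data (bh= and b= are placeholders, not real values)
SIG = "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel; h=from:subject; l=14; bh=PLACEHOLDER; b=PLACEHOLDER"
SIGNED_BODY = b"Hello, world\r\n"
APPENDED_BODY = SIGNED_BODY + b"appended text\r\n"

if __name__ == "__main__":
    for label, body in (("as signed", SIGNED_BODY), ("with appended text", APPENDED_BODY)):
        print(label, check_l_coverage(SIG, body))
```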