Hector Santos wrote:
I vote for a new corresponding key tag, "l=" in section 3.6 Key
Management and Representation.
l= Defines whole or partial hashing of body
w The entire body is hashed (default). The
DKIM-Signature: l= tag may be omitted or defined
with the full body length.
p Partial hashing allowed.
# If a number is defined, this is the MINIMUM bytes
allowed to hashed.
Again, I'm just winging it and I hope some doc person can do a better
job. I personally prefer the default to be entire body hashing.
I disagree with the need for this. If the domain administration trusts
someone to apply a signature for a domain, they should be trusted to
abide by rules the domain sets for the signature: proper use (or
non-use) of l=, what header fields to sign, etc. If they can't be
trusted to do this right, they shouldn't be trusted to sign at all.
This is different from the specification of the hash and signature
algorithms in the key record, since the use of too-weak algorithms might
(at some point in the future, presumably) allow someone not authorized
at all to apply a valid signature.
NOTE WELL: This list operates according to