Going back through a few months of mail on the flight to IETF, preparing to
post an update to this draft...
The intent of that paragraph is actually not to encourage use of "l=", but
rather just to include it in the discussion. An MLM designer will probably
want to try "l=" to solve this problem but may not be aware of the implications
of its use, so it just points the reader back to the warning about it in
RFC4871.
For non-MIME mail, though, isn't a basic text append the way to do it?
From: Serge Aumont [mailto:serge(_dot_)aumont(_at_)cru(_dot_)fr]
Sent: Tuesday, May 11, 2010 7:38 AM
To: Murray S. Kucherawy
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Lists "BCP" draft available
[...]
Section 3.4
At last, another idea usefulness is that draft in :
"A possible mitigation to this incompatibility is use of the "l=" tag to bound
the portion of the body covered by the body hash, but this has security
considerations (see Section 3.5 of [DKIM])."
The "l=" tag is one of the worth idea of DKIM if introduced because of message
body footer added by some MLM. MLM must not add anything after the end of a
message because this break Mime content. When adding a footer, MLM should add
an extra mime part, and this often require to modify mime headers. So "l=" tag
should not ne considered as an efficient way to protect DKIM signature.
I known that the problem is comming from rfc-4871 but I propose to remove this
sentence from this draft.
Serge Aumont
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html