I have some comments about the l= tag.
From the spec:
l= Body count (plain-text decimal integer; OPTIONAL, default is
entire body). This tag informs the verifier of the number of
bytes in the body of the email included in the cryptographic hash,
starting from 0 immediately following the CRLF preceding the body.
First, it seems to me this l= count is the size of the canonicalized body.
If so, it should probably state so in the paragraph above.
Second, based on the above, the count starts after the second CRLF (the CRLF
presiding the body).
If this correct?
But the example in the specs shows otherwise:
A: <SP> X <CRLF>
B: <SP> Y <CRLF>
<SP> Z <CRLF>
D <SP><TAB><SP> E <CRLF>
is canonicalized to:
Based on this example, the two parts are:
canonicalized header: a:X<CRLF>b:YZ<CRLF>
canonicalized body: <CRLF>CDE
Therefore the the l= count size includes the CRLF presiding the body.
I say because based on example signed messages I see here, the count
matches what the paragraphs states, not what the example shows.
Hector Santos, Santronics Software, Inc.