First of all, happy 4th of July. For some unknown reason Switzerland
doesn't celebrate it.
As I understand it, they couldn't get the paperwork approved.
#11 3.4.5, end of 1st informative note: s/ignore the tag/ignore
content after the indicated length/ Reason - if the ignore the tag
then they won't verify the signature.
Actually, in our early discussion over this we actually did mean that
the verifier can simply ignore the tag, and yes, it won't verify. Some
people deemed that to be a feature, not a bug.
In the "Horses not Zebras" department what's the best wording?
We still have some fairly basic disagreements about the utility, if
any, of the l= field.
If you want a consensus statement, I'd say that l= permits the sender
to indicate that there may be unsigned material after the end of the
signed body and leave it at that.
I would not be eager to leave in the advice on ways to make it harder
for bad guys to do bad things by adding hostile MIME content after the
signed part. We don't understand the attack routes very well and I
wouldn't want to create the impression that if senders follow our
advice, then l= is "safe".
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html