--On July 4, 2006 6:58:59 PM +0000 John Levine <johnl(_at_)iecc(_dot_)com>
wrote:
...
If you want a consensus statement, I'd say that l= permits the
sender to indicate that there may be unsigned material after the
end of the signed body and leave it at that.

I would not be eager to leave in the advice on ways to make it
harder for bad guys to do bad things by adding hostile MIME content
after the signed part. We don't understand the attack routes very
well and I wouldn't want to create the impression that if senders
follow our advice, then l= is "safe".

Actually the intent of the wording is to make it clear to the reader
that the l= option is /not/ safe in the general case.

eric
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
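
An added example, not part of the original messages: a verifier-side check in Python that reports how many body octets a DKIM body hash actually covers when l= is present. It assumes simple body canonicalization and SHA-256 and checks only bh= (not the b= header signature); the sample message, domain, selector and helper names are constructed for illustration.

```python
import base64
import hashlib

def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs (whitespace removed)."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def body_coverage(sig_value: str, body: bytes) -> dict:
    """Check bh= and report how many canonicalized body octets lie outside it."""
    tags = parse_tags(sig_value)
    canon = simple_body(body)
    signed = int(tags["l"]) if "l" in tags else len(canon)
    if signed > len(canon):  # l= longer than the body: cannot verify
        return {"bh_ok": False, "signed_octets": signed, "unsigned_octets": 0}
    bh = base64.b64encode(hashlib.sha256(canon[:signed]).digest()).decode()
    return {"bh_ok": bh == tags.get("bh"), "signed_octets": signed,
            "unsigned_octets": len(canon) - signed}

def make_sig(body: bytes, with_l: bool) -> str:
    """Constructed signer side: bh= over the whole body, optionally with l=."""
    canon = simple_body(body)
    bh = base64.b64encode(hashlib.sha256(canon).digest()).decode()
    l_tag = f" l={len(canon)};" if with_l else ""
    return ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel;"
            f"{l_tag} bh={bh}; b=PLACEHOLDER")

# Constructed sample: the body as signed, and as received with extra text after it.
ORIGINAL = b"Hello list,\r\nsigned text.\r\n"
RECEIVED = ORIGINAL + b"appended after signing\r\n"

if __name__ == "__main__":
    for with_l in (True, False):
        print("l= present:", with_l, body_coverage(make_sig(ORIGINAL, with_l), RECEIVED))
```

With l= the body hash still matches the received message while unsigned_octets is nonzero, which is the condition a verifier or filter can flag; without l= the same change makes the body hash fail.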