Hi Steve,
At 15:41 20-05-2009, Steve Atkins wrote:
Remember that we're considering the content of the message as
displayed to the end user here, not the traffic on the wire. If I can
control the content of the message as it's displayed to the recipient,
then the fact that I only have limited control as to the changes I can
make to the bytes on the wire is pretty much irrelevant.
DKIM is not end to end. We only have to preserve the validity of the
DKIM signature up to the DKIM verifier. "l=" was introduced because
some mailing lists appends (sometimes it's more than that) a footer
to the message. I tested "l=" with Mailman a few years back and the
DKIM verification was successful even if a footer was added along the
path between the signer and verifier.
I don't think we should mix the content of the message with "signed"
body. If the verifier passes the "unsigned" part without additional
checks, there will be abuse.
But when we're talking about the benefits of something you can't
If I recall correctly, the feature was added to fulfill one of the
requirements.
There are a few, exceptional cases where using l= to preserve a DKIM
signature via a forwarder that would otherwise break it would actually
work (a sender choosing to use l= to sign the entire length of their
message sending plain text mail to a mailing list that does not modify
the body of the message other than appending a footer and does not
modify the signed headers - no From, Subject, Reply-To changes - for
instance).
Even if you use the "l=", you can still get end up with a broken
signature because of the subject tag. The Reply-To doesn't usually
break the signature.
Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html