ietf-dkim
Re: [ietf-dkim] Features that could be reconsidered as part of the bis process

2009-05-21 19:44:35
I find your arguments largely unconvincing.

Firstly, one expressed use case for l= is "l=0" - in other words, don't
sign any of the body. In that case I can put any body content in there
I like, and it'll still be validly signed.

There are specific applications for such a case, and most of them are, 
in my experience, programmatic, where there is no body, or where the 
body is merely a comment (I've seen both forms commonly used).

I don't get it.  Yes, if you don't care about the body of a message,
using l=0 is mostly (not entirely) harmless, but I don't see that it
solves any problem.  What's the advantage of using l=0 versus signing
the message the usual way?  The speed difference is imperceptible.
Are these messages unusually likely to go via a path that smashes the
body and would break a regular signature?

Also, the reason it's only mostly harmless is that it's still subject
to replay attacks if a bad guy gets such a message, pastes on a spammy
body, and then resends it to a million random people, presumably
thereby destroying whatever reputation the signer had.

The whole point of l= was to say that beyond it you should treat the 
content as suspicious.

My recollection of the debate about l= is that there were about as
many theories about the point of l= as there were people promoting it.
The main theory I remember was about hypothetical mailing lists that
were too incompetent to filter incoming spam so the list recipients
would do it based on the signatures of messages that passed through
the list.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
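
Added example, not part of the message above or of any DKIM implementation: a verifier-side body-hash check showing how much of a received body a signature with l= leaves uncovered. It assumes relaxed body canonicalization and SHA-256, checks only bh= (not the b= header signature), and make_sig, the sample bodies and example.com are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()                      # drop trailing empty lines
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, l=None) -> str:
    """bh= value: SHA-256 of the canonical body, cut to l octets when l= is set."""
    canon = canon_relaxed(body)
    covered = canon if l is None else canon[:l]
    return base64.b64encode(hashlib.sha256(covered).digest()).decode()

def parse_tags(sig: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (folding removed)."""
    pairs = (t.split("=", 1) for t in sig.split(";") if "=" in t)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def check_body(sig: str, body: bytes):
    """Return (bh matches, canonical octets the signature does not cover)."""
    tags = parse_tags(sig)
    l = int(tags["l"]) if "l" in tags else None
    canon = canon_relaxed(body)
    if l is not None and l > len(canon):
        return False, 0                  # body shorter than the signed length
    unsigned = 0 if l is None else len(canon) - l
    return body_hash(body, l) == tags["bh"], unsigned

def make_sig(body: bytes, l=None) -> str:
    """Hypothetical helper: build the body-related tags a signer would emit."""
    ltag = "" if l is None else f" l={l};"
    return f"v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;{ltag} bh={body_hash(body, l)}"

# Constructed sample bodies, not taken from the thread.
ORIGINAL = b"status: ok\r\n"
APPENDED = ORIGINAL + b"text added after signing\r\n"

if __name__ == "__main__":
    for label, l in (("no l=", None), ("l=0", 0), ("l=12", len(ORIGINAL))):
        sig = make_sig(ORIGINAL, l)
        print(label, check_body(sig, ORIGINAL), check_body(sig, APPENDED))
```

A receiver that wants to act on the "treat the rest as suspicious" reading can use the second value of check_body to flag or discount any message where it is non-zero.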
