On Jun 1, 2009, at 8:23 AM, Barry Leiba wrote:
John says...
Related question: whether or not you sign with l=, does anyone have
any software that does anything with l= other than use it to decide
how much of the body to check? Anyone seen an MUA that uses it to
manage message display? A spam filter that uses l= in its secret
sauce? Any use of l= at all?
I think this is an important question for us to answer as we decide
what to do with it in 4871bis work, and I'd like to see some answers
either way (including "We don't sign with it.") I'd especially like
to hear what verifiers do if it's present and it doesn't cover the
whole message: what do you do with the part of the message past the
specified length?
So, please, don't be silent on this thread. But also, please only
talk about what implementations *are doing*, not what they might
hypothetically do. Thanks.
If we see a message that's signed with l= then we treat it as unsigned
right now.
If l= usage becomes common we'll probably treat the case where
l= the actual length of the message as validly signed and any
other l= value as unsigned.
We're not doing anything particularly clever with DKIM identities,
though, just using them as a key to a domain based whitelist to
enable some automated handling of inbound email (FBL handling,
primarily) and enabling rendering email with risky renderers (html,
pdf) by default
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html