I don't so much view DKIM as protecting content; rather, my current view
of its semantics aligns with the whole "taking some responsibility for"
approach.
So far, so good, the signer takes some responsibility for the message.
And thus, a signer should only sign those parts of the header and
body for which it wants to accept responsibility.
Good lord, no. Taking some reponsibility for the message is not the
same as taking responsibility for some of the message.
If you do that, that pretty much requires that we put back the stuff
that says that a verifier produces an edited verision of the message,
and you better be prepared to have a very, very, very long discussion
about how much of a message a signature has to include for it to be
"enough" and how to design various metrics about the relative value of
signatures that cover more or less of the message.
If you think a message is worth signing, sign it. If you don't,
don't. Those are the only two options. When a list manager's domain
signs a message, it's not asserting anything about the literary merit
of the message, it's just saying the message satisfied whatever criteria
it uses to select and pass along the messages it signs. (Yes, this is
fairly tautological.)
The reason you might not include part of a message in the signature is
that you don't care if someone changes it. I don't sign Received: or
X-Mailer: headers, because changing or deleting them is harmless. I
do sign nearly everything else. This also suggests why the l= option
is not useful, since it says "I don't care if other people add stuff
to the end of the message."
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html