ietf-dkim

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

2011-05-04 14:03:03
-----Original Message-----
From: Dave CROCKER [mailto:dhc(_at_)dcrocker(_dot_)net]
Sent: Wednesday, May 04, 2011 11:54 AM
To: Murray S. Kucherawy
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain 
Identity"

You can't ignore the *tag*. That's the normative change. Whether you
ignore the *output* is another matter. But of course you can't ignore
the output because l= is "internal". Yet another problem.

So the issue is that someone might read it as "leave l=<value> out
of what you feed to the hash" versus "hash it, but ignore what it's
telling you"?

If so, I agree, we should fix that.

Seems like the replacement text should be something along the lines of:

 l= Body length count (plain-text unsigned decimal integer; OPTIONAL, ...
         Considerations Section 8.  To avoid this attack, signers should
         be extremely wary of using this tag, and verifiers might wish
         to ignore the tag.

To avoid this attack, signers need to be extremely wary of using this tag, and
verifiers might choose to ignore signatures containing it.

+1

As WGLC is closed, we'll have to wait for guidance from Barry about when we 
could make this change once consensus is reached.




_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
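
The verifier-side choice discussed in this message, as an added example that is not part of the original thread or of any DKIM implementation: the `l=` tag stays in the DKIM-Signature header as received, and policy decides whether a signature carrying it is used at all. The function names, the verdict strings, the sample header and the bodies are constructed for illustration; only the body-hash step with `simple` canonicalization and SHA-256 is modelled, not verification of `b=`.

```python
import base64
import hashlib
import re

def parse_tags(sig_value):
    """Split a DKIM-Signature tag-list ("k=v; k=v") into a dict (simplified)."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def simple_body(body):
    """'simple' body canonicalization: no trailing empty lines, ends in CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body, length=None):
    """Base64 SHA-256 over the canonical body, truncated to l= octets if given."""
    canon = simple_body(body)
    return base64.b64encode(hashlib.sha256(canon[:length]).digest()).decode()

def assess(sig_value, body, ignore_l_signatures=True):
    """Body-hash step only. Returns (verdict, octets not covered by the hash)."""
    tags = parse_tags(sig_value)
    length = int(tags["l"]) if "l" in tags else None
    canon_len = len(simple_body(body))
    if length is not None and ignore_l_signatures:
        # The tag is not stripped from the header; the signature is just not used.
        return ("ignore", max(canon_len - length, 0))
    if length is not None and length > canon_len:
        return ("fail", 0)  # this example's choice when l= exceeds the body
    if body_hash(body, length) != tags.get("bh"):
        return ("fail", 0)
    unsigned = 0 if length is None else canon_len - length
    return ("continue", unsigned)  # next step would be verifying b=

# Constructed sample data: the body as signed, and the body as received.
SIGNED_BODY = b"Hello Bob,\r\nSee you Friday.\r\n"
RECEIVED_BODY = SIGNED_BODY + b"Text added after signing.\r\n"
SIG_WITH_L = ("v=1; a=rsa-sha256; d=example.com; s=sel; c=simple/simple; "
              "h=from:subject; l=%d; bh=%s; b=PLACEHOLDER"
              % (len(SIGNED_BODY), body_hash(SIGNED_BODY)))
SIG_NO_L = ("v=1; a=rsa-sha256; d=example.com; s=sel; c=simple/simple; "
            "h=from:subject; bh=%s; b=PLACEHOLDER" % body_hash(SIGNED_BODY))

if __name__ == "__main__":
    for sig in (SIG_WITH_L, SIG_NO_L):
        print(assess(sig, RECEIVED_BODY), assess(sig, RECEIVED_BODY, False))
```

With `ignore_l_signatures=False` the body hash of the `l=` signature still matches the lengthened body, and the second element of the result reports how many octets the hash does not cover.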
