On 5/4/2011 12:08 PM, Murray S. Kucherawy wrote: >> Verifiers must not ignore them, assessors on the other hand may. > > Either could. It's an implementation choice. > > If the verifier wants to enable the assessor to make the call, it's free to > export "l=" information.
Verifiers declare a signature as valid or not. This discussion is a very nice example of the difference between protocol vs. implementation. The protocol says l= is valid. However a particular implementor might choose to declare that any l= not covering the entire message shall result in a failed verification. The same applies for verifiers detecting use of sha1. They are free to do that. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
