On 04.05.2011 21:13, MH Michael Hammer (5304) wrote:
>> boun...@mipassoc.org] On Behalf Of Dave CROCKER
>> On 5/4/2011 11:34 AM, Murray S. Kucherawy wrote:
>>> So the issue is that someone might read it as "leave l= out
>>> of what you feed to the hash" versus "hash it, but ignore what it's
>>> te
> Alternatively we can allow it, warn, and expect implementers to code
> heuristics that can discern attacks from regular footers.
Speaking as an implementer, I ignore l=, because the hassle of working
around it and trying to guess how hostile any added content might be is
vastly greater than an
>>> If this is the sort of advice we are going to give then we should just
>>> deprecate "l=".
>>
>> +1: it was an error in the PS and the DS fixes it.
>>
>> Alternatively we can allow it, warn, and expect implementers to code
>> heuristics that can discern attacks from regular footers.
>
> Speakin
> I agree, as a participant. Nevertheless, we have consensus to leave
> it in because of the stats Murray gave us on the usage (on the signing
> side).
I agree we need to leave it in, but as I said, I would rather not offer
advice about how to code around its limitations, not least because
what
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Barry Leiba
> Sent: Thursday, May 05, 2011 1:55 PM
> To: John R. Levine
> Cc: ietf-dkim@mipassoc.org; Alessandro Vesely
> Subject: Re: [ietf-dkim] 23 a
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
> On Behalf Of Barry Leiba
> Sent: Thursday, May 05, 2011 1:55 PM
> To: John R. Levine
> Cc: ietf-dkim@mipassoc.org; Alessandro Vesely
> Subject: Re: [ietf-dkim] 23 a
> For what it's worth, our stats show that it is in use on 3.58% of
> signatures received since August.
Do you have enough data to know in how many of those 3.58% the body
wasn't the same length as the l= value ?
Looking at my much smaller archive, it appears that in most cases the
l= matches the
> -Original Message-
> From: John Levine [mailto:jo...@iecc.com]
> Sent: Friday, May 06, 2011 5:37 AM
> To: ietf-dkim@mipassoc.org
> Cc: Murray S. Kucherawy
> Subject: Re: [ietf-dkim] 23 again (sorry John) was Output summary -
> proposing ODID "Originating Domain
On 05/May/11 22:54, Barry Leiba wrote:
If this is the sort of advice we are going to give then we should just
deprecate "l=".
>>>
>>> +1: it was an error in the PS and the DS fixes it.
>>>
>>> Alternatively we can allow it, warn, and expect implementers to code
>>> heuristics that can dis
