smtp-sts
DKIM signature may not cover the entire body
The DKIM signature may not cover the entire body (or any part of the body) using the l= parameter. Thus an email message with a valid DKIM signature could still be tampered with. I think the DKIM signature should cover the entire body, e.g. by disallowing the l= parameter or by requiring it to cover the entire attachment.
See RFC6376 section 8.2.
Sure, we can add that.
Looks like it's fixed. Thanks!
Per https://etherpad.tools.ietf.org/p/notes-ietf-100-uta, Jim Fenton points out that constraining the use of l= seems like a bit of a layering violation. I'm somewhat inclined to agree. l= may be a bad idea, but it's not especially worse here, is it?
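The l= concern raised in this issue can be checked mechanically on the receiving side. The following is an added example, not code from this thread or from the smtp-sts project: it parses a DKIM-Signature value, canonicalizes the body per RFC 6376, and reports how many body octets fall outside the signed length. It does not verify the signature itself; the function names and the sample message are constructed for illustration.

```python
import re

def parse_tags(value: str) -> dict:
    """Parse a DKIM-Signature tag-list (RFC 6376 section 3.2)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = val.strip()
    return tags

def canonical_body(body: bytes, algo: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if algo == "relaxed":  # collapse WSP runs, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"\r\n" if algo == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_coverage(sig_value: str, body: bytes) -> tuple:
    """Return (status, unsigned_octets) for one signature over one body."""
    tags = parse_tags(sig_value)
    c = tags.get("c", "simple/simple")
    algo = c.split("/", 1)[1] if "/" in c else "simple"  # body part defaults to simple
    total = len(canonical_body(body, algo))
    if "l" not in tags:
        return ("full", 0)  # no l= tag: the body hash covers the whole body
    signed = int(tags["l"])
    if signed > total:
        return ("invalid", 0)  # RFC 6376: l= must not exceed the canonicalized body
    return ("partial", total - signed) if signed < total else ("full", 0)

# Constructed sample data, not taken from the thread.
ORIGINAL = b"Monthly report follows.\r\n"
APPENDED = b"(text added after signing)\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel1;\r\n"
       f" h=from:to:subject; l={len(ORIGINAL)}; bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    print(body_coverage(SIG, ORIGINAL))
    print(body_coverage(SIG, ORIGINAL + APPENDED))
```

A "partial" result means the body hash would still match even though the reported number of octets was never signed.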