#18 3.6.1, "g=". Is "g=*s*t*e*p*h*e*n" allowed or is one "*" the limit? I
don't care, but it should say.
Good catch. Why does the definition for key-g-tag-lpart only allow one "*"?
The intention was to allow sub addresses so if your MTA delivers all
addresses of the form fred+foo or fred-foo to fred, it can cover all
the versions. I would suggest changing the wording and ABNF to permit
a * only at the end. I can tell you from experience that coding
pattern matchers, even one for a single * in the middle, is tricky and
a rich source of obscure bugs, so I would prefer if the patterns
were trivial.
It prevents a MITM attack that many people think is significant,
namely adding headers that mean something to the recipient.
The usual example is a plain text message without MIME headers to
which a bad guy adds headers making some random line in the message
into the MIME separator, thereby hiding everything in the message
above that. It interacts particularly badly with l= since you could
add new MIME stuff at the end and make the original message completely
invisible.
Current DNS RRtypes which result in a leaf record will not loop.
CNAMEs can always loop, but that is a general problem that we aren't
making any worse.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
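The l= interaction described above, as an added example that is not from the list thread or from any DKIM implementation: a verifier-side audit that reports how many canonicalized body bytes lie past the l= limit (and so are unsigned) and whether Content-Type and MIME-Version appear in h=. The message, selector and signature values are constructed placeholders, and no signature is cryptographically verified; only the coverage of the signature is inspected.

```python
import re

# Constructed sample: the signature covers only the first 44 body bytes
# (l=44) and signs From/To/Subject but not Content-Type or MIME-Version,
# so appended body text and any MIME headers added in transit are not
# covered.  bh= and b= are placeholders, not real signature values.
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; c=simple/simple;\r\n"
    b"\th=from:to:subject; l=44; bh=PLACEHOLDER=; b=PLACEHOLDER=\r\n"
    b"From: fred@example.com\r\n"
    b"To: alice@example.net\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"This is the part that was actually signed.\r\n"
    b"UNSIGNED TEXT APPENDED AFTER THE l= LIMIT\r\n"
)

def parse_dkim_tags(value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, dropping the
    folding whitespace that is allowed inside tag values."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def split_message(raw: bytes):
    """Return (unfolded header lines, raw body) of an RFC 5322 message."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n"):
        if line[:1] in (b" ", b"\t") and headers:
            headers[-1] += b" " + line.strip()   # join a continuation line
        else:
            headers.append(line)
    return headers, body

def canonical_body_len(body: bytes) -> int:
    """Body length under 'simple' canonicalization: trailing empty lines
    collapse to a single CRLF, and an empty body is one CRLF."""
    return len(re.sub(rb"(\r\n)+\Z", b"", body)) + 2

def audit_signature(raw: bytes) -> dict:
    """Report what the DKIM-Signature leaves uncovered: body bytes past l=
    and whether the headers that define MIME structure are signed."""
    headers, body = split_message(raw)
    sig = next(h for h in headers if h.lower().startswith(b"dkim-signature:"))
    tags = parse_dkim_tags(sig.split(b":", 1)[1].decode("ascii"))
    signed = {name.lower() for name in tags.get("h", "").split(":")}
    body_len = canonical_body_len(body)
    limit = int(tags["l"]) if "l" in tags else body_len
    return {
        "unsigned_body_bytes": max(body_len - limit, 0),
        "mime_headers_signed": {"content-type", "mime-version"} <= signed,
    }
```

A verifier that sees unsigned trailing bytes together with unsigned Content-Type has no assurance that the displayed body is the signed one; treating such a signature as covering nothing past l= is the conservative reading.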