ietf-dkim

Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with Multiple 5322.From

2010-10-05 15:37:29
> It has been observed by implementations that it is possible to replay
> a message with a 2nd 5322.From header at the top ...

A thing with two From: headers isn't a valid RFC 5322 message.

You may recall a lengthy argument about what to do with messages with
bare carriage returns, with the final conclusion being "don't do
that."  DKIM is only defined to sign valid messages.

If an MUA does something undesirable with invalid messages, I'd encourage
people to improve their MUAs.  I expect that an MUA that does something
wacky with extra From: lines also does something wacky with extra Subject:
or other extra lines.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
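
The validity rule this message relies on, as an added example that is not part of the original post or of any DKIM implementation: a check, run before signature verification or display, that flags messages whose header field counts break RFC 5322 section 3.6. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = (
    "Date", "From", "Sender", "Reply-To", "To", "Cc", "Bcc",
    "Message-ID", "In-Reply-To", "References", "Subject",
)
# Of those, the fields that must appear exactly once.
REQUIRED_FIELDS = ("Date", "From")


def rfc5322_count_violations(raw_message):
    """Return {field: count} for each field whose occurrence count is invalid."""
    # message_from_string uses the compat32 policy, which keeps every
    # duplicate header exactly as received instead of merging or dropping it.
    msg = message_from_string(raw_message)
    violations = {}
    for field in SINGLETON_FIELDS:
        count = len(msg.get_all(field, []))
        if count > 1 or (count == 0 and field in REQUIRED_FIELDS):
            violations[field] = count
    return violations


def is_valid_for_dkim(raw_message):
    """True only if the header counts make this a valid RFC 5322 message."""
    return not rfc5322_count_violations(raw_message)


# Constructed sample: a well-formed message.
VALID = (
    "From: alice@example.com\r\n"
    "To: bob@example.org\r\n"
    "Subject: quarterly report\r\n"
    "Date: Tue, 05 Oct 2010 15:37:29 -0400\r\n"
    "Message-ID: <constructed-1@example.com>\r\n"
    "\r\n"
    "Body text.\r\n"
)

# Constructed sample: the same message with a second From: line at the top,
# the case described in the quoted report.
REPLAYED = "From: someone-else@example.net\r\n" + VALID

if __name__ == "__main__":
    for name, raw in (("VALID", VALID), ("REPLAYED", REPLAYED)):
        print(name, is_valid_for_dkim(raw), rfc5322_count_violations(raw))
```
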
