On Wed, 06 Oct 2010 13:25:28 +0100, Murray S. Kucherawy
<msk(_at_)cloudmark(_dot_)com> wrote:
> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles Lindsey
> Sent: Wednesday, October 06, 2010 3:47 AM
> To: DKIM
> Subject: Re: [ietf-dkim] ISSUE: 4871bis - Security Loop hole with
> Multiple 5322.From
>
> > And note that pious exhortations to ensure that RFC5322 be followed, or
> > that MUAs should be fixed to solve this problem, are no solution. We live
> > in the Real World (TM), and neither of those things is going to happen,
> > desirable as they might be.
>
> If we can't rely on people to provide valid input when admonished to do
> so, then there's no point in continuing any of this work.

Well, it is a plain fact that lots of mail non-conforming to RFC 5322 is
floating around, and nearly all MUAs are accepting it on the grounds of
"being liberal in what they accept". So it is clear that we cannot "rely
on people" as you suggest. And for sure you cannot expect phishers to heed
any admonishments whatsoever.
And yet we must develop systems that are secure in spite of all that.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html