John R. Levine wrote:
I don't see incentives to spoof:
MIME-Version
Content-Type
What are the gains?
This has been discussed at great length. Please consult the list archives.
Thanks - you couldn't summarize or its too hard to explain?
I can search, certainly not consult. But let me "consult" GOOGLE:
MIME-Version Exploits IETF-DKIM
Without going nuts looking all the results, I see whats in 4871 section
8.1.1. Addition of New MIME Parts to Multipart/*
and this seems about the l= body size issue which most people already
agreed is a bad idea.
I don't see how the 5322.Mime-Version header can be exploited.
Anyway, never mind.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html