On 10/14/2010 10:47 AM, Murray S. Kucherawy wrote:
-----Original Message-----
From: John R. Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Thursday, October 14, 2010 10:45 AM
To: Murray S. Kucherawy
Cc: DKIM List
Subject: Re: [ietf-dkim] layer violations, was detecting header mutations
after signing
I think if it becomes well-known that users of MUA 1 are easier to phish
than users of MUA 2, a lot of people will gravitate to the safer
implementation, don't you? I sure would.
Aw, come on. How many millions of people still use Outlook Express on
Windows XP? Switching MUAs is painful, people rarely do it.
...meaning MUA developers won't bother to do something about it once the
attack is plainly visible and they're used as examples, because since users
won't switch anyway, there's no motivation?
Not to mention the false dilemma that this needs to be handled in the
MUA exclusively. It doesn't.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html