Murray S. Kucherawy wrote:
Levine wrote:
Aw, come on. How many millions of people still use Outlook Express on
Windows XP? Switching MUAs is painful, people rarely do it.
...meaning MUA developers won't bother to do something about
it once the attack is plainly visible and they're used as
examples, because since users won't switch anyway, there's no motivation?
The backend will address it first before the MUA needs to.
Murray, most people are not haters and don't draw a line between good
and bad because one isn't perfect and therefore begin to "switch"
software like cheap wine.
Since DKIM is betting its future on increased mail integrity and
verified identities, it is a fundamental requirement that it checks
key parts to make sure the integrity stays intact. Passing the buck
(or assuming others are better suited to deal with it) is not
practical and bad PR for DKIM.
In reality, all parts need to check for this, the MUAs, the backends
and above all because of the extra special needs for trust - DKIM.
The backends can't presume all the different MUAs used will address
this, so it needs to address it.
The DKIM components can't assume the backend or MUAs will address it,
so it needs to address it itself.
--
HLS