--On 20 October 2010 15:42:32 -0700 Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
But, hey, I'm on your side here. I think we should put a warning in
the RFC so that vendors are informed that they need to be sure
they're highlighting the correct header.

Why? There would not be a problem when DKIM verification results return
PERMFAIL when there is any doubt which From header field might be
selected when more than one exists.

Well, that would be even better. But that's a change to the spec. If the
spec were changed, I'd be happy about that. In the meantime, we need to
warn implementers about the security risks that we've identified.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
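
The check discussed in the message above, as an added example that is not part of the original thread or of any DKIM implementation: a pre-verification step that reports PERMFAIL when a message carries more than one From header field. The function names, the `CONTINUE` result and the sample messages are assumptions made for illustration.

```python
# Added example; all names here are hypothetical, not from a DKIM library.
import re

PERMFAIL = "PERMFAIL"
CONTINUE = "CONTINUE"  # assumed label: no ambiguity, normal verification may proceed

# A field name is printable ASCII without ":", optionally followed by
# whitespace (obsolete syntax), then the colon.
_FIELD_NAME = re.compile(rb"^([!-9;-~]+)[ \t]*:")


def header_field_names(raw_message: bytes) -> list[str]:
    """Return lower-cased header field names in order of appearance."""
    head = re.split(rb"\r?\n\r?\n", raw_message, maxsplit=1)[0]
    names = []
    # bytes.splitlines() breaks only on CR, LF and CRLF, so unusual
    # characters in a value cannot be mistaken for a line ending.
    for line in head.splitlines():
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous field
        m = _FIELD_NAME.match(line)
        if m:
            names.append(m.group(1).decode("ascii").lower())
    return names


def from_field_check(raw_message: bytes) -> tuple[str, str]:
    """Report PERMFAIL unless exactly one From header field is present."""
    count = header_field_names(raw_message).count("from")
    if count > 1:
        return PERMFAIL, f"{count} From header fields; selection is ambiguous"
    if count == 0:
        # Assumption of this example: a missing From is also treated as a failure.
        return PERMFAIL, "no From header field"
    return CONTINUE, "exactly one From header field"


# Constructed sample messages (not taken from the thread).
SINGLE = b"From: alice@example.org\r\nTo: bob@example.net\r\n\r\nbody\r\n"
DOUBLE = (b"From: mallory@example.com\r\n"
          b"FROM : alice@example.org\r\n"
          b"Subject: hi\r\n\r\nFrom: this line is body text\r\n")
FOLDED = b"Subject: re\r\n From: folded text\r\nFrom: alice@example.org\r\n\r\n"

if __name__ == "__main__":
    for name, msg in (("SINGLE", SINGLE), ("DOUBLE", DOUBLE), ("FOLDED", FOLDED)):
        print(name, *from_field_check(msg))
```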