ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Ticket 23 -- l= and Content-type

2011-04-30 23:21:05
What's your counter-proposal to Alessandro's proposal to modify 9.1.1?

Oh, that.  Replace all of sec 9.1 with:

  "As noted in Section 4.4.5, use of the l= tag enables a variety of
  attacks in which added content can partially or completely changes the
  recipient's view of the message."

I don't think we actually understand all the ways that l= allows you to 
shoot yourself in the foot, so I would prefer not to give the impression 
that if people avoid a few cases we describe, they're safe.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>