John R. Levine wrote:
What's your counter-proposal to Alessandro's proposal to modify 9.1.1?
Oh, that. Replace all of sec 9.1 with:
"As noted in Section 4.4.5, use of the l= tag enables a variety of
attacks in which added content can partially or completely changes the
recipient's view of the message."
I don't think we actually understand all the ways that l= allows you to
shoot yourself in the foot, so I would prefer not to give the impression
that if people avoid a few cases we describe, they're safe.
+1
Unfortunately, if you do a global search in the document where l= is
mentioned, you will see sentences with inferences for an expectation
it is present and/or should be added. These sentences need to be
reworded to indicate it is an option and not an expectation.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html