ietf-dkim

Re: [ietf-dkim] Ticket 23 -- l= and Content-type

2011-05-01 02:40:32
John R. Levine wrote:
What's your counter-proposal to Alessandro's proposal to modify 9.1.1?

Oh, that.  Replace all of sec 9.1 with:

  "As noted in Section 4.4.5, use of the l= tag enables a variety of
  attacks in which added content can partially or completely change the
  recipient's view of the message."

I don't think we actually understand all the ways that l= allows you to 
shoot yourself in the foot, so I would prefer not to give the impression 
that if people avoid a few cases we describe, they're safe.

+1

Unfortunately, if you do a global search in the document where l= is 
mentioned, you will see sentences with inferences for an expectation 
it is present and/or should be added.  These sentences need to be 
reworded to indicate it is an option and not an expectation.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html