Will your "assume one more From than listed in h=" lead to failed
verifications on messages that actually follow the advice in the RFC
to list duplicate headers in their h= values?
The RFC also says you shouldn't sign messages that aren't RFC 2822. So
pick your poison.
I have to say it's a little surreal to have these arguments about what
changes to make to avoid the horrors of a duplicate From: attack that
is and likely will always be entirely hypothetical, when we can't even
get our act together to deprecate the l= option, including l=0.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html