On Jul 7, 2011, at 3:21 PM, John Levine wrote:
Will your "assume one more From than listed in h=" lead to failed
verifications on messages that actually follow the advice in the RFC
to list duplicate headers in their h= values?
The RFC also says you shouldn't sign messages that aren't RFC 2822. So
pick your poison.
I have to say it's a little surreal to have these arguments about what
changes to make to avoid the horrors of a duplicate From: attack that
is and likely will always be entirely hypothetical, when we can't even
get our act together to deprecate the l= option, including l=0.
It is. This group finds it much easier to add cruft (or argue that
cruft should be added) than to remove cruft.
But we're past the point where we can improve things on
this round of the spec. Time to move on.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html