-----Original Message-----
From: John Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Thursday, July 07, 2011 6:22 PM
Will your "assume one more From than listed in h=" lead to failed
verifications on messages that actually follow the advice in the RFC to
list duplicate headers in their h= values?
The RFC also says you shouldn't sign messages that aren't RFC 2822. So pick
your poison.
I have to say it's a little surreal to have these arguments about what changes
John, this particular part of the discussion is not about changing the RFC or
DKIM implementations, only changing deployment configuration practices.
to make to avoid the horrors of a duplicate From: attack that is and likely
will always be entirely hypothetical,
Doug, has Trend Micro actually demonstrated this attack (and the recommended
countermeasures) on the wire? If not, I suggest you do so.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html