On 12/05/2017 03:52 PM, Pawel Lesnikowski wrote:
encoded-words are simply not permitted inside email addresses. MUA
shouldn't attempt to decode this at all.
Perhaps they shouldn't attempt to decode it per say.
I think they should attempt to detect the presence of invalid characters
and act accordingly.
Attempting to decode is the first problem, incorrectly handling null
terminators and new lines is the second issue.
Okay.
MUAs simply don't expect new lines and null terminators there.
Isn't expecting something unexpected a tenant of security?
I.e. code defensively.
DKIM works as expected, but as you said it may re-enforce an incorrect
assumption that email is from respected source.
:-/
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html