--On 20 October 2010 15:42:32 -0700 Douglas Otis <do...@mail-abuse.org> wrote:
>> But, hey, I'm on your side here. I think we should put a warning in >> the RFC so that vendors are informed that they need to be sure >> they're highlighting the correct header. > > Why? There would not be a problem when DKIM verification results return > PERMFAIL when there is any doubt which From header field might be > selected when more than one exists. Well, that would be even better. But that's a change to the spec. If the spec were changed, I'd be happy about that. In the mean time, we need to warn implementers about the security risks that we've identified. > -Doug > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html