On 01/May/11 06:18, John R. Levine wrote:
>> What's your counter-proposal to Alessandro's proposal to modify 9.1.1?
> 
> Oh, that.  Replace all of sec 9.1 with:
> 
>   "As noted in Section 4.4.5, use of the l= tag enables a variety of
>   attacks in which added content can partially or completely change the
>   recipient's view of the message."
> 
> I don't think we actually understand all the ways that l= allows you to 
> shoot yourself in the foot, so I would prefer not to give the impression 
> that if people avoid a few cases we describe, they're safe.

-1, I agree we don't know all the ways DKIM can be fooled.  Nor have we
actually seen real attacks in the wild.  We don't even state how to
react to multiple Froms.  Presumably, the wider the DKIM deployment,
the more we'll learn on handling attacks.  However, hiding the few
things we know doesn't seem to be a good start toward such watchful
cooperative deployment.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
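
The l= behaviour discussed in this thread, as an added example that is not part of the original messages: with a body length count, the DKIM body hash covers only the first l octets, so a verifier can count the octets the signature does not cover. The function names and sample bodies are constructed for illustration, and only "simple" body canonicalization is handled.

```python
import base64
import hashlib


def canon_simple_body(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: drop trailing empty
    lines and make sure the body ends with exactly one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(body: bytes, l=None) -> str:
    """Base64 SHA-256 of the canonicalized body, truncated to l octets
    when a body length count is present (the value carried in bh=)."""
    data = canon_simple_body(body)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def unsigned_octets(body: bytes, l=None) -> int:
    """Number of canonicalized body octets NOT covered by the signature.
    0 means the whole body is signed. An l= larger than the body is
    rejected here, since a signer must not emit one."""
    total = len(canon_simple_body(body))
    if l is None:
        return 0
    if l > total:
        raise ValueError("l= exceeds canonicalized body length")
    return total - l


# Constructed sample data (not taken from any real message).
SIGNED = b"Quarterly figures are attached.\r\n"
APPENDED = b"Constructed trailing text added after signing.\r\n"
RECEIVED = SIGNED + APPENDED
L = len(canon_simple_body(SIGNED))  # value the signer would put in l=

if __name__ == "__main__":
    # Same bh= with l=, although the received body differs from the signed one.
    print("bh (signed,   l=%d): %s" % (L, body_hash(SIGNED, L)))
    print("bh (received, l=%d): %s" % (L, body_hash(RECEIVED, L)))
    print("bh (received, no l=): %s" % body_hash(RECEIVED))
    print("octets outside the signature:", unsigned_octets(RECEIVED, L))
```

A verifier or downstream filter can use the non-zero count to treat the signature as covering only part of the body, for example by ignoring it or by passing only the signed portion on.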
