> -----Original Message-----
> From: John Levine [mailto:jo...@iecc.com]
> Sent: Thursday, July 07, 2011 6:22 PM
>
> >Will your "assume one more From than listed in h=" lead to failed
> >verifications on messages that actually follow the advice in the RFC to
> >list duplicate headers in their h= values?
>
> The RFC also says you shouldn't sign messages that aren't RFC 2822. So pick
> your poison.
>
> I have to say it's a little surreal to have these arguments about what changes

John, this particular part of the discussion is not about changing the RFC or DKIM implementations, only changing deployment configuration practices.

> to make to avoid the horrors of a duplicate From: attack that is and likely
> will
> always be entirely hypothetical,

Doug, has Trend Micro actually demonstrated this attack (and the recommended counter measures) on the wire? If not, I suggest you do so.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
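
As an added illustration that is not part of the original messages, the following sketch compares the number of From: fields in a message with the number of times "from" appears in the DKIM-Signature h= tag, which is the relationship the thread is arguing about. The function names (`parse_h_tag`, `check_from`, `make`) are hypothetical, the sample messages and signature values are constructed placeholders, and no cryptographic verification is performed.

```python
import email

def parse_h_tag(dkim_value):
    """Return the lower-cased header names listed in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return [name.lower() for name in tags.get("h", "").split(":") if name]

def check_from(raw):
    """Compare From: fields present with 'from' entries in h= (first signature only)."""
    msg = email.message_from_string(raw)
    present = len(msg.get_all("From", []))
    sig = msg.get("DKIM-Signature")
    in_h = parse_h_tag(sig).count("from") if sig else 0
    return {
        "from_present": present,
        "from_in_h": in_h,
        "multiple_from": present > 1,
        # An extra h= entry covers a nonexistent field, so a From: added
        # after signing would change the signed data.
        "oversigned": in_h > present,
        # Fields are selected bottom-up, so any surplus From: is not covered.
        "unsigned_from": present > in_h,
    }

def make(h, froms):
    """Build a constructed sample message; bh= and b= are placeholders."""
    lines = ["DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;",
             "\th=%s;" % h,
             "\tbh=CONSTRUCTED; b=CONSTRUCTED"]
    lines += ["From: %s" % f for f in froms]
    lines += ["To: list@example.org", "Subject: test", "", "body"]
    return "\n".join(lines)

PLAIN = make("from:to:subject", ["a@example.com"])
OVERSIGNED = make("from:from:to:subject", ["a@example.com"])
DUPLICATE = make("from:to:subject", ["x@example.net", "a@example.com"])

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("oversigned", OVERSIGNED),
                      ("duplicate", DUPLICATE)):
        print(name, check_from(raw))
```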