It appears that Taavi Eomäe via mailop <ta...@zone.ee> said: >-=-=-=-=-=- >-=-=-=-=-=- >Hi! > >As part of coordinated disclosure, I am sharing it here as well. In >short, using the approach described below, attackers can replace the >entire contents of a letter, in a way the letters still pass DKIM’s >cryptographic checks. ...
There is nothing whatsoever new here. We knew l= was a bad idea when we published it, and that you could do all sorts of naughty things by adding or fiddling with MIME parts. Some loud people insisted that it would solve the mailing list problem, which of course it didn't, but we're stuck with it now. I suppose it couldn't hurt to remind people that using l= is a bad idea but if they haven't already gotten the memo sometime in the past decade, I wouldn't hold my breath. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
