On 17/05/2024 18:37, Slavko via mailop wrote:
I didn't get what is **new** in it, nor how length of RSA keys is related...
Turning the original content into a comment seemed novel to us, should in theory yield better forgeries than just adding new boundaries. Gmail's "show original" also seems to hide such comments for some reason (making it extra nasty).
The l= DKIM tag was problematic in time of RFC, the Content-Type constructs core of message, thus have to be (over)signed already.
As written, it has been known for a while. But given how prevalent it really is and how it has opened up new avenues of abuse, we felt it was time to call for some action once again.
Best Regards
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
